I dentity Management 11g What’s New, Features and Positioning Rohit Gupta VP, Product Management.

<Insert Picture Here>

Identity Management 11gWhat’s New, Features and PositioningRohit GuptaVP, Product Management

<Insert Picture Here>

Agenda

• Business Drivers• Oracle’s Identity Management Strategy

• Product and Roadmap Update• 11g Components Review

• Sun IdM Acquisition Update• Recent Customer Successes• Competitive Positioning and Objection Handling• Summary

Oracle Confidential – For Internal Use Only

Identity Management Business Drivers

Reliable Security

Operational Efficiencies

Regulatory Compliance

User Experience

B2B Collaboration


Identity Management 11g

Core Principles

Suite Wide Integration

Hot-Pluggable

Service-Oriented Security

Entitlements Centric


• “Identity as a Service”, declarative security framework based on open Java and Web-services Standards

• Delivered through OPSS, services include authentication, authorization, encryption, common audit and logging etc.

• Comprehensive security for Fusion Middleware & Fusion Applications

Oracle Identity Management 11gService-oriented Security


Entitlements

SoDManagement

Audit Reporting

Rights Management

Role Mining

Role Management

Provisioning

FraudManagement

Single Sign-On

Attestation

Web ServicesSecurity

• Common entitlements model for authorization across the suite

• Delegated administration policies based on fine-grained entitlements

• Risk-based authorization to enable fraud prevention

• Exhaustive audit and compliance reporting, based on core entitlements defined and managed centrally

Oracle Identity Management 11gEntitlements-centric Suite


Shared Services Based Architecture

• Unified Install and Config• Intuitive, dynamic, user interface• Shared Services for:

• Password Management• Identity Administration• Single Sign-On• Strong Authentication

• Common Policy and Authorization• Common Auditing/Reporting• BPEL-based Workflow

• Leadership & Innovation• Open-source efforts for Aris ID, OpenAz

• Interoperability & Adoption• Enterprise & Internet identity standards

like SAML, SPML, XACML, OpenID, Oauth, etc.

• Hot-Pluggable• Across full range of Applications,

Middleware and Operating Systems

Oracle Identity Management 11gHot Pluggable and Standards-based

Oracle Confidential – For Internal Use OnlySupported and planned system configurations: http://idm.us.oracle.com R l s In o e ea e f I rt t onse ifica i

Oracle Identity ManagementOracle + Sun Combination

Oracle Platform Security Services

Access Management*Identity Administration Directory Services

Access ManagerAdaptive Access ManagerEnterprise Single Sign-OnIdentity FederationEntitlements ServerWeb Services Manager

Identity Manager Directory Server EEInternet DirectoryVirtual Directory

Identity Analytics

Management Pack For Identity Management

Operational Manageability

Identity & Access Governance

*Includes OpenSSO STS & Fedlet

Oracle Identity Management Roadmap Timelines


• Integrated user and role administration

• Internet-grade scalability for extranet provisioning

• 10x Performance Gain

• New Attribute-based Constrained Delegation

• Service-Oriented• Flexible integration based on SPML

• Extensible workflow based on BPEL

Oracle Identity ManagerProvisioning and Identity Administration

Oracle Identity Manager

Mainframes

Databases and LDAP

Custom Apps

Enterprise Applications

GRANT or REVOKE

Oracle Access Manager Authentication and SSO

New

Applications

DataServices

Oracle AccessManager

• Integrated Server and Agent Administration

• eCO-Grid, delivering high performance

Session Management

• SSO Security Zones scoped to individual

Application

• Inline diagnostics for superior manageability

• Support for OSSO Upgrades

Oracle Adaptive Access Manager Fraud Prevention

Secure Login

Challenge or Block

Risk Modeling

Analysis and Forensics

Oracle Adaptive Access Manager

• Integrated Case Management & Fraud Administration

• OTP Anywhere across Interactive Voice Response, SMS, Email etc.

• Universal Risk Snapshots for archival, restoration, forensics and more

• AnswerLogic offers KBA in combination with registration, answers and fuzzy logic

Oracle Identity Analytics 11gCompliance and Identity Governance

Dashboard & Reports

Enterprise Applications

Identity Manager

Risk Analytics

IT Audit Policy

Access Certification

Identity Data Sources

Access Manager

Oracle Identity Analytics

Identity Warehouse

• Compliance Control Panel• Extensive Set of Actionable Dashboards & Risk

Analytics

• Advanced Role Mining and Engineering

• Cert360 offers complete view of users, roles and entitlements to reviewer for attestation

• Rich Identity Warehouse• Optimized for Analysis, Mining, Correlation,

Reporting on Identity, Access and Policy Data

• Integrated with Oracle Identity Manager 11g and 9.1, and Oracle Waveset

Sun IdM Acquisition Status

Review of IdM Acquisition

Old Name New Name

Sun Directory Server Enterprise Edition Oracle Directory Server Enterprise Edition

Sun Role Manager Oracle Identity Analytics

Sun Identity Manager Oracle Waveset

Sun OpenSSO Enterprise Oracle OpenSSO

Strategic Products Continue and Converge

Oracle Directory Server Enterprise Edition & Oracle Internet Directory

N/A

Oracle Identity Manager Oracle Waveset

Oracle Access Manager Oracle OpenSSO

Oracle Identity Analytics Oracle Role Manager

Sun to Oracle Identity ManagementMigration Paths

Oracle Identity Federation 11g

Oracle OpenSSO(Federation)

18 Copyright © 2010, Oracle. All rights reserved

Oracle Identity Manager 11g

Oracle Waveset

Oracle Access Manager 11g

Oracle OpenSSO

Strategic Guidance on OW

• Guidance on ways to continue with Oracle Waveset• Where to safely invest, what to avoid, how to prepare

• Co-existence Strategy (ahead of Migration)• Support a phased approach to migration• OIM as back-office provisioning automation engine for new

(and eventually all) targets

• Migration Solution• Oracle to provide migration solution (methodology,

automation tools, documentation) to migrate from Oracle Waveset to Oracle Identity Manager

• Common Connector Strategy • Leverage connector innovation in current Oracle Waveset

deployment


Strategic Guidance on OpenSSO

• Phased approach to minimize impact during the transition to OAM 11g• Agent level compatibility• Manual policy migration

• Automations, upgrade utilities projected for OAM 11g• Target migrations from 7.x, 8.0• Focus on simple use cases – Authentication and SSO• Advanced use cases such as session failover or URL/J2EE

policy will be evaluated on a case by case basis


OpenSSO – OIF 11g

• Customers using OpenSSO federation features may migrate to OIF 11g• SAML / WS-Federation / Liberty ID-FF

• OpenSSO Fedlet (certified, bundled with OIF 11g)

• Certain features are out of scope for OIF• Liberty ID-WSF, SIS

• Migration utilities for standards-based flows• Standard metadata import/export

• Custom processing will have to be re-implemented

• Some manual steps may be required for metadata and trust


Business Landscape and Positioning

20102005

Oracle’s IdM Business Momentum

• License Revenue

• No. of Products

• No. of Customers

• Developers & PM.

• NA Consultants

• SI Partners

3

< 250

< 60

< 5

< 5

> 1,300% growth

18

> 6,000

> 500

>100

> 70

Oracle Confidential – Do Not DistributeOracle Confidential – Do Not Distribute

Business Summary

Oracle Confidential – Do Not DistributeOracle Confidential – Do Not Distribute

Case Study – ExelonOIM for Enterprise Provisioning & Identity Administration

• NERC (North American Electric Reliability Corporation) regulations were expanded in January 2010 due to homeland security initiatives

• The new regulations resulted in additional reporting and compliance requirements for energy providers, particularly those generating nuclear power

Oracle Solution

• Oracle Identity Manager for 22,000 users and Oracle Identity Analytics chosen over CA and Courion

•Deploying in Sun Solaris Environment

• Accenture aligned with Oracle to recommend us over CA

Business Challenges

• OIM will allow employees to reduce application access time from 15 days to less than 4 hours

• Reduced administrative costs through user self service

• Automated the certification process, which will significantly reduce time and money spent on this quarterly activity

Return On Investment


Case Study – American ExpressOIA for Compliance, Attestation, & Identity Governance

• Manual certifications and multiple orphaned accounts

• Needed a central repository for who-has/had what access

• Business struggles with cryptic names for entitlements

Oracle Solution

• Oracle Identity Analytics with 200K users, 5M accounts, 24M entitlements and 6.5M glossary definitions

• Defined user access certifications across 1400 applications

• Automated closed loop remediation by integrating with provisioning

Business Challenges

• Removed 500K orphaned accounts

• Automated 13,000 access certifications

• Successfully certified transfers to ensure proper access

• Eliminated the disconnect between business and IT in regards to glossary definitions




•Subscription Sun Identity Manager Licensee

•License term can run through, but not possible to renew after that putting their future project plans at risk

•Lockheed is using a non-strategic technology (Sun Identity Manager)

Oracle Solution

•Oracle Identity Manager Perpetual Use License

•Cancel Sun Subscription License

•Provide 24 months of right to use both Sun and Oracle during the technical migration process

Business Challenges

•Lockheed is now on the path to migrate to the strategic technology and can plan to do so in a non-rushed fashion


Case Study – Lockheed MartinSun Subscription to Oracle Migration

IdM Competitive Summary: Suites

Identity

Administration

Directory

Services

Suite Breadth

Access Mgmt

& Entitlements

Audit &

Compliance

Fraud Prev. &

Strong Authn

Full IdM Comp Intell at http://my.oracle.com/compete and http://idm.us.oracle.com Oracle Confidential – For Internal Use Only

Competing with IBM

Positioning Against IBM• Product and Deployment Complexity

• Complex licensing model

• Competitive displacements, especially for TIM/TAM. Use strong Oracle References.

• Audit and Compliance capabilities; Sophistication in role management, GRC/SoD integration

• Support for Fine-grained Authorization and Entitlements

• Depth and Breadth of IdM integration with Oracle Ebusiness Suite, PeopleSoft, Siebel and SAP

What to Expect from IBM• A lot of FUD around Sun.

• Solutions-based sales model, i.e., IBM Global Services will bundle HW, SW, and professional/managed services

• IBM claims they are the market leader for web access management

• Will highlight their strong integration between Provisioning and SIEM (Security Information and Event Management).

• Strategic relationships at the CXO levels

In Depth IBM Comp Intell - http://my.oracle.com/portal/page/myo/compete/master_ci/ibm_tivoli Oracle Confidential – For Internal Use Only

A new breed of competition

• Most visible OIA Competitor

• They message around ease of use, simplicity, and cost effectiveness

• We need to message around completeness of stack, deep investment in this space, tight integration with OIM, and ability to do complex role management and rule lifecycle management

• Question their product’s ability to scale

• Click SailPoint logo for more detailed comp intell and positioning points

• Directory Services Competitor

• They message around next generation IdM infrastructure and ability to scale

• We need to message around completeness of stack including the top directory services platform used in numerous highly distributed, scaled, and mission critical instances

• Question their company’s ability to scale to support large customer deployments

• Commercial support for former “Sun” Open Source

• They message around the virtues of Open Source technology and their ability to enhance and support the products

• We need to message around the best parts of Sun IdM merging with Oracle IdM to deliver the leading next generation IdM technologies

• Clarify that Oracle is supporting commercial licensees of OpenSSO and offers license and technical migrations to Oracle

• Question their ability to support all of the technologies they are taking on


I dentity Management 11g What’s New, Features and Positioning Rohit Gupta VP, Product Management.

Documents

Transcript of I dentity Management 11g What’s New, Features and Positioning Rohit Gupta VP, Product Management.