Access Management (AM) is the real-time enforcement of application security using Identity-based controls and provisioned access rights. Assuring performance when delivering access services is particularly important, as is having access capability across a wide range of resource types and environments. Businesses can achieve this performance and capability across disparate platforms by using solutions that deploy agents on target technologies or by leveraging standards-based authorization.
For the normal range of business applications, access via web browsers, portals, or client screens on different client platforms must be considered, as well as the various interface types that legacy applications support. The company must also assess requirements for access to web services, ensuring that their AM solution meets all access capabilities.
SSO FEDERATION
Authentication, Single Sign-On (SSO), and federated solutions simplify the login process for the benefit of both the organization and users without compromising security. The requirement that a user access multiple applications using different Identity credentials means that those credentials also need to be maintained separately for each application, imposing an additional cost on your organization. Using the same weak password for multiple applications weakens enterprise security.
A better solution is to streamline the login process for multiple applications, so that logging on to one enterprise application allows the user to access other applications without the need to log on separately. SSO solutions that provide this functionality are relatively mature, but their implementation is complex.Recently, enterprises who work collaboratively with one another have sought to simplify logins by allowing users who have successfully logged on to one enterprise’s applications to transparently re-authenticate to a partner enterprise’s applications.
Underlying this technique is the concept of federated identity, in which each enterprise has agreed to recognize the validity of the other’s identity credentials and authentication (login) procedures. While not as widespread as SSO solutions, federated identity solutions are also maturing, aided by industry standards for securely issuing and recognizing identity assertions.Our authentication, Single Sign-On (SSO), and federated identity solutions give full lifecycle services for SSO and federated identity projects, including:
Development of a strategy and architecture for SSO and federated identity.
Implementation and application integration.
Review and assessment of existing solutions.
Risk analysis and risk mitigation frameworks for mutual recognition of identity credentials and identity assertions in a federated identity regime.
Implementation of SSO solutions across legacy and web-based applications.
ENTERPRISE GATEWAY
Companies worldwide are actively deploying service-oriented architecture (SOA) infrastructures using web services, both in intranet and extranet environments. While web services offer many advantages over traditional alternatives (e.g., distributed objects or custom software), deploying networks of interconnected web services still presents key challenges, especially in terms of security and management.
Web services can be implemented using different approaches and technologies that need to be secured at the different stages of the request/response cycle between clients (e.g., users or applications) and service providers (entities providing web services).There are several security layers between clients and web services providers. The first, also known as “perimeter security” or “first line of defense,” is referred to as the demilitarized zone, or DMZ. The second security layer, or “green zone” (to continue with the military analogy), is located behind the inner firewall of the DMZ. In some cases, the green zone may include several security sub-layers designed to further filter access to web services. Finally, the last security layer, or “last-mile security,” is provided by agents co-located with the web services or applications to be protected. For example, Oracle Enterprise Gateway is tightly integrated with Oracle Access Manager, Oracle Entitlements Server, Oracle Web Services Manager, and Oracle SOA Suite to provide transport- and application-level security across all layers involved in web services requests.
