tag:blogger.com,1999:blog-47231978116147238182024-03-14T11:43:23.940-07:00Oracle Access ManagementMatt Berzinskihttp://www.blogger.com/profile/07853387066499077770noreply@blogger.comBlogger78125tag:blogger.com,1999:blog-4723197811614723818.post-46171114558837427622011-08-24T09:48:00.000-07:002011-08-24T09:48:39.701-07:00What's new in Oracle Access ManagementYesterday, as part of the <a href="http://www.ioug.org/Events/OnlineEducationSeries/tabid/85/Default.aspx">IOUG education series</a>, I did a webinar about layering enterprise security with Oracle Access Management components. We also spent some time explaining what's new in Oracle Access Management 11gR1 PS1 (11.1.1.5.0), released earlier this summer.<br />
<br />
The replay will be available shortly, so check back soon.<br />
<br />
We focused on a number of key themes for the PS1 release, including:<br />
<ul><li>Single Platform to Secure Access to Data, Applications and WebServices</li>
<li>Centralized Session Management to deliver stronger security</li>
<li>Stronger methods of Authentication including OTP tokens, and KBA</li>
<li>Enhanced Manageability</li>
<ul><li>Centralized Server and Agent Administration</li>
<li>Inline Diagnostics and Troubleshooting</li>
</ul></ul>One of the other cool things we did in this release was complementing the existing OAM services - authentication, SSO, and session management - with a new, integrated standards-based security token service.<br />
<br />
This is a great example of how we layer functional products, like Oracle Access Manager and Oracle STS, on top of our modular, shared services architecture. We also centralized policy management and administration of the two products into a single console:<br />
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj8kzq6wA3_l_QAH9DF3PXOL6sN38mOJZ8yTODkiLMyHBtGx_dyXmJYfFhy6Gq3_iclMcWlsVpFFfSRx5cMCTH0JPF6UND48p5OkOZqM00BsdgSx7PwZIR9zdG1-5cp1XlcSeJ4Er5_ICSu/s1600/STS_Services_crop.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="127" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj8kzq6wA3_l_QAH9DF3PXOL6sN38mOJZ8yTODkiLMyHBtGx_dyXmJYfFhy6Gq3_iclMcWlsVpFFfSRx5cMCTH0JPF6UND48p5OkOZqM00BsdgSx7PwZIR9zdG1-5cp1XlcSeJ4Er5_ICSu/s400/STS_Services_crop.jpg" width="400" /></a></div><br />
This integrated approach allows customers to deploy OAM and STS together, or to disable services that aren't required. For example, customers that have already deployed a 3rd party authentication and SSO system and don't require OAM services can deploy Oracle STS with that 3rd party system.<br />
<br />
In case it isn't obvious, deployment flexibility is another theme of the release. <br />
<br />
We are pretty excited about some of the new features and will be posting on individual products in the release, including Oracle Access Manager, Oracle ESSO, and Oracle Adaptive Access Manager in upcoming blog posts.Eric Leachhttp://www.blogger.com/profile/08625731894305941448noreply@blogger.com0tag:blogger.com,1999:blog-4723197811614723818.post-69014463196330406612011-05-13T12:05:00.000-07:002011-05-26T09:27:26.917-07:00OAM 11g Authentication as a Webservice<div dir="ltr" style="text-align: left;" trbidi="on">A somewhat advanced topic for those who want to dive deep into OAM.<br />
<br />
Check out other good blogs from <a href="http://oracleaccessmanagement.blogspot.com/2011/03/here-at-oracle-access-management-pm.html">Eric</a> and <a href="http://bit.ly/eDjSJL">Chris</a> to understand the nitty gritty of how SSO works.<br />
<br />
In a common scenario, an access manager fulfills authn/authz services as follows: a client passes the necessary credentials to an agent, and the agent in turn passes the info to OAM via the HTTP/OAP protocols. The agents used here are, of course, the WebGates and the AccessGate. The WebGate is specific to web servers, and the AccessGate is the customized agent for a client application that may or may not have a web server.<br />
Now, what happens if the client does not have a web server that Oracle agents are normally compatible with? The client is left to use the AccessGate, which may involve a lot of customization, or may simply not use Access Manager as a solution.<br />
<br />
What if there were a way to remove the client's web server dependency on WebGate/AccessGate and yet provide a standard way of communicating with Oracle Access Manager?<br />
The solution is to use OAM as a web service, while the mechanics needed for a successful OAM authentication remain unchanged. In other words, the agent (AccessGate) is moved to the back end, probably residing on the same box as OAM or on another box.<br />
<br />
So what exactly triggers the OAM authentication? The following diagrams depict the above scenario.<br />
<br />
The request for a resource can be made in two ways:<br />
<br />
<b style="color: #006600;">From a web client such as a browser</b><br />
<br />
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg-fqySjKIcOSESoa_khFfc-MVCj-2-S8xRgyBXLsatYbkHTrGyz3ETGH9ib0loX4m2a9S7sIqtwRXCl80Q-RN2AXmOp6i1dyf-OI8zAlzEU-LnZTSBEe9jOQMmRLG7SsjJ2vF2wVZ88NM/s1600/OAM_WebserviceC1.gif" onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}"><img alt="" border="0" id="BLOGGER_PHOTO_ID_5606249336950943266" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg-fqySjKIcOSESoa_khFfc-MVCj-2-S8xRgyBXLsatYbkHTrGyz3ETGH9ib0loX4m2a9S7sIqtwRXCl80Q-RN2AXmOp6i1dyf-OI8zAlzEU-LnZTSBEe9jOQMmRLG7SsjJ2vF2wVZ88NM/s320/OAM_WebserviceC1.gif" style="cursor: hand; cursor: pointer; display: block; height: 305px; margin: 0px auto 10px; text-align: center; width: 320px;" /></a><br />
<br />
<br />
<b style="color: #006600;">Or from a standalone client such as a java application</b><br />
<br />
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgB9hLOdSQXINuVvuO1B36RKGtUk9CE55MdKCcE4z5T6tYnBwY1M6b0jSqxvsnXPJBEA3jY0TQbWic9qqwpM23Rfkpavl4CZzuQtaDoTxJ84ZLKAqkqAvxjRjX45K__wbym9BXDNNV_qlk/s1600/OAM_WebserviceC2.gif" onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}"><img alt="" border="0" id="BLOGGER_PHOTO_ID_5606254016650522882" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgB9hLOdSQXINuVvuO1B36RKGtUk9CE55MdKCcE4z5T6tYnBwY1M6b0jSqxvsnXPJBEA3jY0TQbWic9qqwpM23Rfkpavl4CZzuQtaDoTxJ84ZLKAqkqAvxjRjX45K__wbym9BXDNNV_qlk/s320/OAM_WebserviceC2.gif" style="cursor: hand; cursor: pointer; display: block; height: 320px; margin: 0px auto 10px; text-align: center; width: 292px;" /></a><br />
<br />
<span style="color: #000066; font-style: italic; font-weight: bold;">Note that in both of the above cases the client does not require any WebGate/AccessGate.</span><br />
<br />
Before I jump into the details of the above, some SOAP features worth mentioning (which some of you may already be aware of) are:<br />
SOAP<br />
<ol><li>Uses standard internet HTTP</li>
<li>Uses XML to send and receive messages</li>
<li>Platform independent</li>
<li>Language independent</li>
<li>A protocol for exchanging information in a decentralized and distributed environment</li>
<li>SOAP happens to be one of the key features of Microsoft's .NET architecture, especially Web Services</li>
</ol><br />
<br />
Web services describes a standardized way of integrating Web-based applications using the XML, SOAP, WSDL and UDDI open standards over an Internet protocol backbone. XML is used to tag the data, SOAP is used to transfer the data, WSDL is used for describing the services available and UDDI is used for listing what services are available. Used primarily as a means for businesses to communicate with each other and with clients, Web services allow organisations to communicate data without intimate knowledge of each other's IT systems behind the firewall.<br />
<br />
<br />
<span style="color: #006600; font-weight: bold;">Flow in a nutshell</span><br />
<br />
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgfvWUQK2lUxEBD3nw8UPnrK9psSlHFYD-UcO7NRH_0KQb0J528dqqpWoJ1eX5WIdeaNtF9iNPeSlA1-eYFY8MKSvEGzsoYyZ-oLbapmbF8OJbcuVP1UEA-aU1IBYmNtr8aJ-WWkIkBZlg/s1600/AuthServiceFlow.gif" onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}"><img alt="" border="0" id="BLOGGER_PHOTO_ID_5606259607769994370" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgfvWUQK2lUxEBD3nw8UPnrK9psSlHFYD-UcO7NRH_0KQb0J528dqqpWoJ1eX5WIdeaNtF9iNPeSlA1-eYFY8MKSvEGzsoYyZ-oLbapmbF8OJbcuVP1UEA-aU1IBYmNtr8aJ-WWkIkBZlg/s320/AuthServiceFlow.gif" style="cursor: hand; cursor: pointer; display: block; height: 274px; margin: 0px auto 10px; text-align: center; width: 320px;" /></a><br />
<br />
<ol><li>The client requests a resource.</li>
<li>The request is submitted to a proxy client, which in turn makes a SOAP call to OAMAuthService, which is a web service.</li>
<li>This service calls the OAM 10g ASDK API.</li>
<li>The ASDK API invokes the AccessGate (which is installed) to communicate with the OAM server.</li>
<li>The OAM server performs authentication and passes an encrypted token back to the client.</li>
</ol><br />
<br />
<br />
<span style="color: #006600; font-weight: bold;">Components</span><br />
<br />
The components involved in the above architecture are<br />
<br />
<span style="color: #000099; font-style: italic;">OAMServer</span><span style="color: #000099;">:</span> The emphasis here is on an OAM 11g server, which provides the authentication service.<br />
<br />
<span style="color: #000099; font-style: italic;">AccessGate</span><span style="color: #000099;">:</span> AccessGate is the building block for all WebGates. Unlike a WebGate, which is always associated with a web server, an AccessGate is used by standalone or non-web applications, for example a Java program, an EJB, or a C program. AccessGates are the only way to communicate with the OAM server.<br />
<br />
<span style="color: #000099; font-style: italic;">OAMAuthService</span><span style="color: #000099; font-style: italic;">:</span> A Java file that contains the implementation APIs for the web service. These APIs call the AccessGate ASDK API, which communicates with the AccessGate, which in turn talks to the OAM server for the authentication check.<br />
<br />
<span style="color: #000099; font-style: italic;">WebServiceClientProxy</span><span style="color: #000099;">:</span> This is a Java proxy that is used to make web service calls on OAMAuthService. All web and non-web applications will instantiate this Java class for OAM Auth Services.<br />
<br />
<span style="color: #000099; font-style: italic;">OAMAuthServlet</span><span style="color: #000099;">: </span>This is a sample servlet that instantiates the WebServiceClientProxy, collects the username and password, and submits them to the OAM server via the WebServiceClientProxy.<br />
<br />
<br />
<span style="color: #006600; font-weight: bold;">Scope</span><br />
The scope is limited to session token validation between similar agents, i.e. the token obtained from one 10g agent can be used with another 10g agent. The 10g token cannot be used with an 11g agent. This is a limitation in the current release.<br />
<br />
<span style="color: #006600; font-weight: bold;">Sample Code </span><br />
<span class="Apple-style-span" style="color: black;"><a href="https://www.samplecode.oracle.com/tracker/tracking/linkid/prpl1004?id=S757">https://www.samplecode.oracle.com/tracker/tracking/linkid/prpl1004?id=S757</a></span><br />
<br />
The sample code folder also contains a JDeveloper IDE project file (helpful for those who would like to view and deploy from an IDE).<br />
<br />
I hope you have enjoyed this article; please leave comments if you have any.<br />
<br />
</div>Derick Leohttp://www.blogger.com/profile/00556030325487304094noreply@blogger.com4tag:blogger.com,1999:blog-4723197811614723818.post-37609197444814544592011-05-11T10:50:00.000-07:002011-05-11T10:50:45.385-07:00Tool Talk Webcast: Balancing Strong Authentication and Context-aware SecurityOn May 4th, Mark Karlstrand presented a webcast on how to augment strong authentication with layered or context-aware security. The <a href="https://www.sans.org/webcasts/balancing-strong-authentication-context-aware-security-94409">replay of the webcast</a> is available from the SANS website (note you will have to register a SANS account in order to view the replay).Eric Leachhttp://www.blogger.com/profile/08625731894305941448noreply@blogger.com0tag:blogger.com,1999:blog-4723197811614723818.post-49285165970612852182011-05-11T08:54:00.000-07:002011-05-11T09:01:27.754-07:00<strong style="font-weight: normal;">Here is an interesting blog on how </strong><strong style="font-weight: normal;">Symantec<span style="font-weight: bold;"> </span><a style="font-weight: bold;" rel="nofollow" target="_blank" href="http://e.businessinsider.com/3t5l.3l9/Tcp5gLyczRbJG6jIBebe8"><span class="yshortcuts" id="lw_1305129194_23">exposed</span></a><span style="font-weight: bold;"> </span>a security hole at <span class="yshortcuts" id="lw_1305129194_24">Facebook</span>, where the </strong> Facebook applications are accidentally leaking access to 3rd parties.Kavya Muthannahttp://www.blogger.com/profile/04145833105410994600noreply@blogger.com0tag:blogger.com,1999:blog-4723197811614723818.post-66535099356746261172011-04-28T15:29:00.000-07:002011-04-28T15:51:59.065-07:00New certifications for OAM 10.1.4.3<span style="color: rgb(0, 0, 0);font-family:arial;" >We have released a number of new 10.1.4.3 OAM 3rd party and Oracle packages/certifications on OTN</span> -<br /><ul style="font-family: arial; color: rgb(0, 0, 0);"><li>64-bit WebSphere Application Server v7.0 with Portal on<br />SUSE 10 &amp; SUSE 11<br />Red Hat Linux 5.x<br />Windows 2003 &amp; Windows 2008<br /></li></ul><ul style="font-family: arial; color: rgb(0, 0, 0);"><li>32-bit ASDK on Red Hat Linux 5.5</li><li>32-bit Apache 2.2.x, with Apache Reverse Proxy on SUSE 10 &amp; 11 </li><li>64-bit Apache 2.2.x, with Apache Reverse Proxy on SUSE 11 </li><li>32-bit &amp; 64-bit Apache 2.2.x, on AIX 6.1<br /></li></ul><span style="color: rgb(0, 0, 0);font-family:arial;" >They can be downloaded <a href="http://www.oracle.com/technetwork/middleware/ias/downloads/101401-099957.html">here</a></span>.Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-4723197811614723818.post-10960413729479666142011-04-27T13:01:00.000-07:002011-04-27T13:04:13.450-07:00It's official: OAM 11g certified with EBS 12Oracle Access Manager 11gR1 (11.1.1.3) is now certified for use with E-Business Suite Releases 12.0.6 and 12.1.1 and up.<br />
<br />
There are <b>two certification paths</b> available: one for new users, and one for users upgrading from Oracle Single Sign-On Server 10gR3 (OSSO).<br />
<ul><li>Users who are implementing single sign-on for the first time may integrate OAM 11gR1 using <b>Oracle E-Business Suite AccessGate Release 1.1</b>. Oracle E-Business Suite AccessGate is a Java EE application that resides on a separate application server (Oracle WebLogic Server), and provides direct integration between Oracle E-Business Suite and Oracle Access Manager through OAM WebGate. Oracle E-Business Suite AccessGate is available at no cost to licensed Oracle E-Business Suite customers.<br />
<br />
</li>
<li>Users who are upgrading from OSSO 10gR3 can leverage their existing integration by using OAM 11gR1 with the <b>mod_osso agent</b>. This option allows you to migrate your existing partner application registrations from OSSO 10gR3 to OAM 11gR1, with minimal disruption to existing application integration and functionality. This integration does not require Oracle E-Business Suite AccessGate, and is supported for <b>upgrading users only</b>.</li>
</ul><b>Documentation </b><br />
Detailed documentation has been published here: <br />
<a href="https://support.oracle.com/CSP/ui/flash.html#tab=KBHome%28page=KBHome&id=%28%29%29,%28page=KBNavigator&id=%28bmDocType=BULLETIN&from=BOOKMARK&bmDocDsrc=DOCUMENT&viewingMode=1143&bmDocID=1309013.1&bmDocTitle=Integrating%20Oracle%20E-Business%20Suite%20with%20Oracle%20Access%20Manager%2011g%20using%20Oracle%20E-Business%20Suite%20Acc%29%29">Integrating Oracle E-Business Suite with Oracle Access Manager 11g using Oracle E-Business Suite AccessGate</a><br />
<a href="https://support.oracle.com/CSP/main/article?cmd=show&type=NOT&id=1304550.1">Migrating Oracle Single Sign-On 10gR3 to Oracle Access Manager 11gR1 with Oracle E-Business Suite</a><br />
<br />
<br />
<div style="color: black;"><b>Prerequisites & Interoperability</b> </div><ul type="disc"><li class="MsoNormal" style="line-height: normal;">Oracle E-Business Suite Release 12.1 RUP 1 (12.1.1) or higher; Release 12.0 RUP 6 (12.0.6)<br />
</li>
<li class="MsoNormal" style="line-height: normal;">Oracle Access Manager 11gR1 (11.1.1.3) with Bundle Patch 02 (BP02)<br />
</li>
<li class="MsoNormal" style="line-height: normal;">Oracle Internet Directory 11gR1 PS2 (11.1.1.3) or higher</li>
<li class="MsoNormal" style="line-height: normal;">Oracle WebLogic Server 11gR1 PS2 (10.3.3) or higher</li>
</ul><span style="color: black;"><b>Platforms Certified</b></span><br />
The Oracle E-Business Suite AccessGate Java application is certified to run on any operating system for which Oracle WebLogic Server 11g is certified. Refer to the <a href="http://www.oracle.com/technology/software/products/ias/files/fusion_requirements.htm">Oracle Fusion Middleware 11g System Requirements</a> for more details.<br />
<br />
Integration with mod_osso is supported on all fully certified Oracle E-Business Suite Release 12 platforms. Refer to the My Oracle Support Certifications section for more details.<br />
<br />
For information on operating systems supported by Oracle Access Manager and its components, refer to the <a href="http://www.oracle.com/technetwork/middleware/id-mgmt/identity-accessmgmt-11gr1certmatrix-161244.xls">Oracle Identity and Access Management 11gR1 certification matrix</a>.Eric Leachhttp://www.blogger.com/profile/08625731894305941448noreply@blogger.com0tag:blogger.com,1999:blog-4723197811614723818.post-3910472706778562002011-04-20T13:52:00.000-07:002011-04-20T13:52:42.912-07:00iOS4 tracking location dataAs reported <a href="http://petewarden.github.com/iPhoneTracker/">here</a>, it turns out iOS4 is tracking and storing user location data. This data is on your phone and is backed up to machines with which you sync your iOS devices. While it doesn't appear that the data is ever accessed by Apple or 3rd parties, this raises significant privacy concerns. Plenty of people are commenting on that, so I won't belabor the point here.<br />
<br />
Instead, I'll focus on a counterpoint.<br />
<br />
When customers use <a href="http://www.oracle.com/us/products/middleware/identity-management/oracle-ada-access-mgr/index.html">Oracle Adaptive Access Manager</a> to perform risk/anomaly detection and fraud prevention, often they incorporate IP/Geolocation data to help identify anomalous behavior (why are you performing a transaction from <a href="http://en.wikipedia.org/wiki/Ouagadougou">Ouagadougou</a> when normally you log in from San Francisco?) or obvious breaches to the laws of physics (10 minutes ago you and your device were in San Francisco, now you and your device appear to be in <a href="http://en.wikipedia.org/wiki/Tenerife">Tenerife</a>).<br />
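<br />
The "laws of physics" check described above, as an added example that is not part of the original post and is not Oracle Adaptive Access Manager code: a minimal geo-velocity rule run over constructed login events. The event tuples, the 1000 km/h speed ceiling and the 100 km tolerance for coarse IP geolocation are all assumptions made for this sketch.<br />

```python
import math
from collections import defaultdict
from datetime import datetime

EARTH_RADIUS_KM = 6371.0
MAX_SPEED_KMH = 1000.0   # assumed ceiling, roughly airliner cruising speed
MIN_DISTANCE_KM = 100.0  # assumed tolerance: IP geolocation is coarse

# Constructed sample events: (user, UTC timestamp, city, latitude, longitude)
SAMPLE_EVENTS = [
    ("alice", "2011-04-20T17:00:00", "San Francisco", 37.7749, -122.4194),
    ("alice", "2011-04-20T17:10:00", "Tenerife", 28.2916, -16.6291),
    # A day later on another continent: unusual, but physically possible.
    ("bob", "2011-04-20T09:00:00", "San Francisco", 37.7749, -122.4194),
    ("bob", "2011-04-21T09:00:00", "Ouagadougou", 12.3714, -1.5197),
    # Ten seconds apart, about 13 km apart: geolocation jitter, not travel.
    ("carol", "2011-04-20T17:00:00", "San Francisco", 37.7749, -122.4194),
    ("carol", "2011-04-20T17:00:10", "Oakland", 37.8044, -122.2712),
]


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points, in kilometres."""
    phi1, phi2 = math.radians(lat1), math.radians(lat2)
    dphi = phi2 - phi1
    dlmb = math.radians(lon2 - lon1)
    a = (math.sin(dphi / 2) ** 2
         + math.cos(phi1) * math.cos(phi2) * math.sin(dlmb / 2) ** 2)
    # Clamp against floating-point overshoot for near-antipodal points.
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(min(1.0, a)))


def find_impossible_travel(events, max_speed_kmh=MAX_SPEED_KMH,
                           min_distance_km=MIN_DISTANCE_KM):
    """Return one finding per consecutive event pair whose implied speed
    exceeds max_speed_kmh. Events may arrive out of order."""
    by_user = defaultdict(list)
    for user, ts, city, lat, lon in events:
        by_user[user].append((datetime.fromisoformat(ts), city, lat, lon))

    findings = []
    for user in sorted(by_user):
        history = sorted(by_user[user], key=lambda e: e[0])
        for prev, cur in zip(history, history[1:]):
            distance = haversine_km(prev[2], prev[3], cur[2], cur[3])
            if distance < min_distance_km:
                continue  # within geolocation error, do not alert
            hours = (cur[0] - prev[0]).total_seconds() / 3600.0
            # Same timestamp, far apart: treat as infinitely fast.
            speed = distance / hours if hours > 0 else math.inf
            if speed > max_speed_kmh:
                findings.append({
                    "user": user,
                    "from": prev[1],
                    "to": cur[1],
                    "distance_km": distance,
                    "speed_kmh": speed,
                })
    return findings


if __name__ == "__main__":
    for f in find_impossible_travel(SAMPLE_EVENTS):
        print("%(user)s: %(from)s -> %(to)s, %(distance_km).0f km "
              "at %(speed_kmh).0f km/h" % f)
```

Only the San Francisco to Tenerife pair is reported. The Ouagadougou login passes this rule and would need the separate "unusual location for this user" check the post also mentions.<br />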
<br />
Most IP/Geolocation data is very specific to laptop/desktop types of devices. As more services are accessed using smartphones and tablets (or other non-user devices for that matter) data that helps security infrastructure understand where a user is currently - like, I don't know, say by triangulating that user's device location from nearby cell towers - could prove significantly useful in preventing fraud and therefore protecting people from criminals.<br />
<br />
Protecting people from criminals is a good thing, right? <br />
<br />
Apple hasn't said why they are collecting the data or how they intend/expect it to be used. That's a smart bunch of people over there, so perhaps they've already thought through the use cases above and that's why the data is there.<br />
<br />
Or, this could also turn out to be a serious Big Brother move. What's all that I've been seeing this week about <a href="http://singularityhub.com/2011/04/19/skynet-becomes-aware-launches-nuclear-attack-on-humanity/">Skynet</a> coming online and destroying humanity? <br />
<br />
I'm gonna go <a href="http://static.openheatmap.com.s3.amazonaws.com/iPhoneTracker.app.zip">download an app</a> to find out where I've been.Eric Leachhttp://www.blogger.com/profile/08625731894305941448noreply@blogger.com0tag:blogger.com,1999:blog-4723197811614723818.post-89520662132799735412011-04-13T11:30:00.000-07:002011-04-13T11:36:23.164-07:00Oracle Security Token Service – Single “thread of identity”<!--[if gte mso 9]><xml> <w:latentstyles deflockedstate="false" defunhidewhenused="true" defsemihidden="true" defqformat="false" defpriority="99" latentstylecount="267"> <w:lsdexception locked="false" 
priority="72" semihidden="false" unhidewhenused="false" name="Colorful List Accent 6"> </w:LatentStyles> </xml><![endif]--><p>We are getting ready to roll out our next generation product called Oracle Security Token Service (Oracle STS), which will become the hub for brokering trust and authentication in a typical enterprise deployment. Oracle STS will help solve the identity propagation problems that we see these days in most enterprises.</p> <p>Many customers have already deployed or are in the process of deploying an Access Management solution to address their single sign-on needs for their intranet and extranet users. The next level of access management problem now trending is carrying users’ authenticated identities through multiple business systems and processes so that applications can make smart decisions based on the user’s identity.</p> <p>In a typical enterprise environment, application users have to interact with various types of applications in a distributed environment, deployed on multiple application platforms and spanning multiple security domains.
A single “thread of identity” is becoming a requirement, both to provide a better, seamless user experience and to simplify the integration and deployment of these distributed applications and environments.</p> <p class="MsoNormal" style="margin-left: 0in; text-align: center; text-indent: 0in;" align="center"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg3niYV38VMga9uxAhM9n4x43P0L_NIzQsk58APxn_xkB6T9Mu_5bjtKI4xvdkujcBWIIyin8j3eW9uPAOrjzKcQVwD8p4lAqeaZRnBOA7ynIFUB9Wo3SHD9xS_ONPM01IrGA0GVbQiigE/s1600/STS.jpg"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer; width: 326px; height: 299px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg3niYV38VMga9uxAhM9n4x43P0L_NIzQsk58APxn_xkB6T9Mu_5bjtKI4xvdkujcBWIIyin8j3eW9uPAOrjzKcQVwD8p4lAqeaZRnBOA7ynIFUB9Wo3SHD9xS_ONPM01IrGA0GVbQiigE/s320/STS.jpg" alt="" id="BLOGGER_PHOTO_ID_5595138111178254242" border="0" /></a></p> <p>Oracle STS can be deployed as a shared service that provides a standards-based, consolidated mechanism of trust brokerage between different identity domains and infrastructure tiers, which can help bring down the overall cost through centralized administration, increasing end-user productivity and providing improved application security and trust enforcement through standards </p>Kavya 
Muthannahttp://www.blogger.com/profile/04145833105410994600noreply@blogger.com0tag:blogger.com,1999:blog-4723197811614723818.post-70485925637678790082011-04-12T09:24:00.000-07:002011-04-28T10:56:31.481-07:00May 4th webcast: Strong AuthN Credentials Are Not EnoughOn May 4th, Mark Karlstrand, product manager for <a href="http://www.oracle.com/us/products/middleware/identity-management/oracle-ada-access-mgr/index.html">Oracle Adaptive Access Manager</a>, will be doing a webcast discussing why strong credential based authentication is not a solution alone and why a layered approach to access security is required.<br /><br />Topics covered will include contextual risk analysis, monitoring for suspicious behavior and looking for anomalies related to authentication events. Oracle Adaptive Access Manager provides tools to enable this type of monitoring to detect potentially fraudulent activity and misuse of legitimate user credentials or authentication devices. This layered approach ensures that the credential based authentication mechanism being used will not be a single point of failure.<br /><br /><br />For information about the topic and to register, go here:<br /><a href="http://www.sans.org/info/75764">http://www.sans.org/info/75764</a>Eric Leachhttp://www.blogger.com/profile/08625731894305941448noreply@blogger.com0tag:blogger.com,1999:blog-4723197811614723818.post-12184774758760270432011-04-07T13:57:00.000-07:002011-04-07T14:29:42.500-07:00OAM 11g deployment with a multi-million user population live!The first production deployment of OAM 11g with a multi-million user population is now live! Starting April 1st, 2011, OAM 11g is now taking 100% of authentication load from extranet web properties of Oracle. All customers that access any Oracle service over the extranet are now authenticated with Oracle Access Manager 11g. 
<br /><br />All web authentication traffic at Oracle, whether intranet or extranet, desktop or iPhone, end-user or programmatic, is now being handled by the OAM 11g system. Collectively, this amounts to about 750 K authentication requests on a typical working day. As we transition more systems to use Corporate SSO we expect this number to grow in the coming quarters.Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-4723197811614723818.post-89655368081591213282011-03-28T08:21:00.000-07:002011-03-29T10:10:40.186-07:00What is more important? What you buy or from whom you buy it?I recently had a very enlightening and satisfying customer service experience.<br /><br />Not too long ago, I bought a new car. I love the car - it drives great, gets great gas mileage, looks cool, and is basically everything I was looking for in a car. Unfortunately, this car was also having persistent issues with the emissions system, causing the Service Engine Soon light to come on after about 1700 miles. I dutifully took the car into the dealer to have it serviced. Then I took it in again. And again.<br /><br />With each trip to the dealer, my frustration mounted. I began to conclude that I had inadvertently been sold a "lemon". I did some research into <a href="http://ag.ca.gov/consumers/general/lemon.php">California's "Lemon Law"</a> and as a result immediately contacted the manufacturer to notify them of the issues with the car, tell them how frustrated I was, and see what they would do.<br /><br />Because of other customer service experiences - satellite/dish providers and mobile/telco providers spring immediately to mind - I expected the worst. To my surprise, the customer service provided by BMW North America was superb. The customer service representatives (I talked to two during one 20 minute call) were helpful. They showed empathy for my situation. They told me they would advocate on my behalf. They offered suggestions for what to do next. 
They asked me what I thought would help bring the situation to a successful conclusion and promised to work toward those outcomes.<br /><br />As a result, I was immediately calmed. I asked for a root cause analysis of the problem and I agreed to another attempt to service the vehicle. In the end, I didn't get a root cause, but I did get my car back with the issue fixed, was treated exceptionally by the dealer, and am probably on my way to becoming a lifetime customer.<br /><br />Every successful company cares about their customers. So what makes one vendor or manufacturer different from another?<br /><br />I am very often asked by customers, partners, Oracle sales people, and others what differentiates Oracle and our <a href="http://www.oracle.com/us/products/middleware/identity-management/index.html">Identity and Access Management products</a>. Usually they expect that I will tell them what our products do, how they are built, and why that makes them different from other products they may be evaluating. What I typically tell people is that it isn't <span style="font-style: italic;">WHAT</span> we are selling but <span style="font-style: italic;">HOW</span> we stand behind it that makes all the difference. The example above perfectly illustrates the point.<br /><br />Let's face it, there often isn't a lot of easily identifiable functional differentiation between products sold by big enterprise software companies. While most claim otherwise, this is also true of many of the smaller startup and niche vendors in the identity and access management market.<br /><br />The same can also be said for car manufacturers like BMW, Lexus, and Mercedes Benz, which is what got me thinking about this in the first place: it's more about from whom you buy and how they help you after you buy it than what you buy in the first place. 
Setting aside the price aspect for a moment, generally this kind of thing is referred to as a <a href="http://en.wikipedia.org/wiki/Commodity">commodity</a>.<br /><br />So when I listen to customers talk about what is really important to them, I generally hear them focus on two things:<br /><ol><li>they think of most software and the hardware it runs on as commodities; and</li><li>as a result, it isn't the product functionality they are worried about, but the robustness of the solution and how easy it will be to keep it up and running in their environment.</li></ol>In fact, when asked to spend $100, many will spend $70-80 out of that $100 on tools/features for existing software that facilitate diagnosing or troubleshooting issues. As it turns out, this is an indication that these customers are worried about whether - when something goes wrong - someone will be there to listen, to help them through their problems, to understand what defines a successful outcome, and be an advocate toward that outcome.<br /><br />So how do vendors and customers work together to achieve a successful outcome? What do commodity vendors do to differentiate themselves from other vendors?<br /><br />While working with customers, I've noticed a few things that our team does that almost always help:<br /><ul><li>Be proactive. If all your interactions are based on hair-on-fire escalations you generally don't have a good basis for cooperative, constructive problem solving. Since most enterprise software support systems are by their nature reactive, proactive communication will help by establishing a rapport and creating trust outside of the scope of reacting to a specific problem. Proactive communication will also allow you to anticipate key upcoming milestones so that you can prime your reactive support system to be ready before problems occur.</li><li>Be transparent. Tell your customer what you are doing and why you are doing it. 
Most support escalations occur when your customer contact doesn't know what to tell his/her boss. Picking up the phone periodically, even if just to explain that you have nothing new to report but are continuing to work on or monitor the situation, can help defuse most potentially explosive situations.</li><li>Show empathy. Don't make exaggerated claims or promise to deliver things you cannot deliver. The single most satisfying thing about the customer service I received from my car manufacturer was the fact that they made it clear they were on my side. They made no promises other than to be my advocate. That was enough.</li><li>Engage action. Get everyone on the same page about why they come to the office every day: to ensure customer success. If everyone is on the same page about why, you can avoid disputes about what needs to happen, who needs to do it, and when it needs to get done. The most successful resolutions I've seen have been the result of strong collaborations of cross functional teams where the day job of most of those team members was not, strictly speaking, customer support.</li></ul>This is a pretty basic description of what the folks at my car manufacturer did for me. Of course, there is no one-size-fits-all solution that creates undeniable differentiation around a commodity product. Nonetheless, when prospective customers ask me what sets Oracle apart, I don't spend a lot of time telling them about software features. 
Instead, I describe the process above, explain why that is important to us as an organization, and how that emphasis benefits customers.<br /><br />Usually, that is enough.Eric Leachhttp://www.blogger.com/profile/08625731894305941448noreply@blogger.com0tag:blogger.com,1999:blog-4723197811614723818.post-17988918373884072822011-03-21T20:35:00.000-07:002011-03-21T20:49:26.746-07:00How SSO works in OAM 11gHere at Oracle, the access management PM team gets asked a lot of questions about how <a href="http://bit.ly/eyvDVj">Oracle Access Manager 11g</a> works, especially about the overall SSO model, what cookies are created and what they do, the processing flows between components, and how specific component interactions work to achieve authentication and SSO. In this post, we will explore the OAM 11g SSO model. It’s quite a bit different from the OAM 10g model, especially since we now support things like server side credential collection, server-based session management, and application scoped sessions.<p></p>Before we get started, it’s worth noting that OAM 11g supports the use of both OAM 10g and 11g Webgates as well as mod_osso plug-ins for Oracle HTTP Server (OHS). We support this through what we call the Protocol Compatibility Framework, which lets the OAM server communicate with and interpret protocol messages from the webtier agents mentioned above. This is an extensible framework, so it has the potential to support other clients or agents in the future. <br /><p>OAM 11g uses a combination of host cookies or domain cookies (depending on the version of Webgate you use), a server cookie, and an in-memory session store (based on <a href="http://bit.ly/c12MyS">Oracle Coherence</a> technology) to maintain and correlate user session information. 
</p>Since OAM 11g supports different Webgate versions and mod_osso, you will see different cookies depending on the version of Webgate being used: either the ObSSOCookie (for 10g) or OAMAuthnCookie_&lt;host:port&gt; (for 11g).<br /><p>However, in both cases, the contents of the cookies are:</p> <ul><li>Authenticated User Identity (User DN)</li><li>Authentication Level</li><li>IP Address</li><li>SessionID (Reference to Server side session – OAM11g Only)</li><li>Session Validity (Start Time, Refresh Time)</li><li>Session Inactivity Timeouts (Global Inactivity, Max Inactivity)</li><li>Validation Hash</li></ul>These cookies are updated periodically, using an algorithm based on 1/4 of the idle session timeout. There are two main differences between the 10g and 11g cookies: <ul><li>The 10g ObSSOCookie is domain scoped and cookie encryption uses a shared key for all 10g Webgates.</li><li>The 11g OAMAuthnCookie is host scoped and different host cookies may be issued for each resource accessed that is protected by a different 11g Webgate. 
Cookie encryption for each 11g Webgate is unique to that Webgate.</li></ul>The values of the cookies will change over the life of a user's session; however, you'll notice that the Session ID that is present is a reference to the server side session object, which remains the same across the life of a session.<br /><p>In the typical deployment topology, you’ll have one or more Webgates deployed on web servers in the Web Tier, a variety of components deployed in the App Tier including an OAM admin server running on the Weblogic domain’s admin server, one or more OAM runtime servers deployed on Weblogic managed servers, a database to support the OAM policies, an LDAP directory against which you will authenticate users, an optional auditing database, and an optional BI Publisher instance for reporting.</p>Using an OAM 11g Webgate in the flow, let’s recap how this works:<br /><br />1) An OAM 11g Webgate intercepts the incoming request for a resource, determines whether the resource is protected, and – if it is – the OAM 11g server constructs and returns a response back to the Webgate. That response contains the authentication scheme required to authenticate the user.<br /><br />2) Next the Webgate sets a cookie (called OAM_REQ) to keep track of the target/requested URL and then redirects to the OAM 11g server, which routes the request to the credential collector. The credential collector serves up the login page, which captures credentials and posts the credentials to the OAM server. The credentials are validated against the ID store configured for this particular authentication scheme. 
Once the credentials are validated, the OAM server creates an authentication token and the session in Coherence, and creates a server side session cookie called the OAM_ID cookie, which has details about the user, the time the session was created, the idle timeout, and a session identifier referencing the Coherence session.<br /><br />3) Then the OAM server constructs a response which is encrypted with the Webgate's key and redirects to the Webgate. The Webgate decrypts the response, extracts the authentication token and the session identifier, and uses that information to set OAMAuthnCookie, which is set as a host cookie: OAMAuthnCookie_&lt;host:port&gt;. (In this step, if you are using an OAM 10g Webgate, the response from the server will contain the information required to set ObSSOCookie; if you are using mod_osso, the response will contain the information required to set the OHS host cookie.)<br /><br />4) When subsequent requests are made from that Webgate, the authentication token is passed by the Webgate to the OAM server, which validates the authentication token, checks the validity of the OAM_ID cookie and session timeout, and does the appropriate authorization checks. As the result of authorization checks, additional attributes may be added to HTTP Headers and passed to downstream applications. This is especially useful when asserting user identity and group or role information to downstream applications such as those running on <a href="http://bit.ly/bd3W9w">Oracle WebLogic Server</a> and <a href="http://bit.ly/hvpk0L">Oracle Fusion Middleware</a>.<br /><br />5) When requesting a resource protected by a second Webgate, the request flow will be similar to the above. Webgate2 (WG2) will check if the resource is protected, and get the authn scheme details from the OAM server. 
From there WG2 redirects to the OAM server, the OAM server checks the OAM_ID cookie, and then generates a new authentication token for WG2, creates an encrypted response using the key for WG2, and redirects to WG2. WG2 decrypts the response, extracts the authentication token and session identifiers and sets an OAMAuthnCookie as a host cookie for WG2.Eric Leachhttp://www.blogger.com/profile/08625731894305941448noreply@blogger.com9tag:blogger.com,1999:blog-4723197811614723818.post-53916321478990743462011-03-16T10:38:00.000-07:002011-03-16T10:52:51.913-07:00Updates to FFIEC Authentication GuidelinesThe <a href="http://www.ffiec.gov/">FFIEC</a> published <a href="http://www.bankinfosecurity.com/articles.php?art_id=3395">draft guidelines</a> that update their <a href="http://docs.ismgcorp.com/files/external/authentication_guidance_2005.pdf">2005 guidance</a> for authentication in Internet banking environments.<br /><br />This updated draft guidance calls for:<br /><br /><ul><li>More risk assessments for banks to better understand and respond to emerging threats, such as man-in-the-middle or man-in-the-browser attacks, as well as keyloggers;</li><li>Increased multifactor authentication;</li><li>Layered security controls;</li><li>Improved device identification and protection;</li><li>Improved customer and employee fraud awareness.</li></ul>The good news is that tools such as <a href="http://www.oracle.com/us/products/middleware/identity-management/oracle-ada-access-mgr/index.html">Oracle Adaptive Access Manager</a> already provide many of the controls specified in the draft guidance. 
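The five-step flow in the "How SSO works in OAM 11g" post above, as an added Python model (not Oracle's code or cookie format): one server-side session, a separate host cookie per 11g Webgate sealed with that Webgate's own key, and the checks made on later requests. Assumptions: HMAC-SHA256 stands in for the per-Webgate encryption and "Validation Hash", the IP check is always enforced, and all class names, field names, timeouts, hosts and users are constructed for illustration.

```python
import base64
import hashlib
import hmac
import json
import secrets

IDLE_TIMEOUT = 900  # seconds; constructed value for this model


def seal(key, fields):
    """Serialize cookie fields and append a keyed validation hash."""
    body = base64.urlsafe_b64encode(json.dumps(fields, sort_keys=True).encode())
    mac = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    return (body + b"." + mac).decode()


def unseal(key, cookie):
    """Return the cookie fields, or None if the hash fails under this key."""
    body, _, mac = cookie.encode().rpartition(b".")
    expected = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(mac, expected):
        return None
    return json.loads(base64.urlsafe_b64decode(body))


class OAMServerModel:
    def __init__(self):
        self.sessions = {}      # session id -> session (stands in for Coherence)
        self.webgate_keys = {}  # "host:port" -> key unique to that 11g Webgate

    def register_webgate(self, host_port):
        self.webgate_keys[host_port] = secrets.token_bytes(32)

    def authenticate(self, user_dn, ip, now, level=2):
        """Step 2: credentials already validated; create the server-side session."""
        sid = secrets.token_hex(16)
        self.sessions[sid] = {"user_dn": user_dn, "ip": ip, "level": level,
                              "start": now, "last_access": now}
        return sid  # the value the OAM_ID server cookie carries in this model

    def issue_cookie(self, oam_id, host_port, now):
        """Steps 3 and 5: a host cookie for one Webgate, bound to the session."""
        s = self.sessions.get(oam_id)
        if s is None or now - s["last_access"] > IDLE_TIMEOUT:
            return None
        fields = {"user_dn": s["user_dn"], "level": s["level"], "ip": s["ip"],
                  "session_id": oam_id, "start": s["start"], "refresh": now}
        return seal(self.webgate_keys[host_port], fields)

    def validate(self, cookie, host_port, client_ip, now):
        """Step 4: returns (decision, cookie the Webgate should now hold)."""
        key = self.webgate_keys.get(host_port)
        fields = unseal(key, cookie) if key else None
        if fields is None:
            return "reject: not issued for this Webgate", None
        s = self.sessions.get(fields["session_id"])
        if s is None:
            return "reject: no server-side session", None
        if now - s["last_access"] > IDLE_TIMEOUT:
            del self.sessions[fields["session_id"]]
            return "reject: idle timeout", None
        if fields["ip"] != client_ip:
            return "reject: IP mismatch", None
        s["last_access"] = now
        # Re-issue the cookie once 1/4 of the idle timeout has passed.
        if now - fields["refresh"] >= IDLE_TIMEOUT / 4:
            return "allow", self.issue_cookie(fields["session_id"], host_port, now)
        return "allow", cookie

    def logout(self, oam_id):
        self.sessions.pop(oam_id, None)


def demo():
    wg1, wg2 = "app1.example.com:443", "app2.example.com:443"  # constructed
    ip, t0 = "192.0.2.10", 1_000_000
    srv = OAMServerModel()
    srv.register_webgate(wg1)
    srv.register_webgate(wg2)
    oam_id = srv.authenticate("uid=jdoe,ou=people,dc=example,dc=com", ip, t0)
    c1 = srv.issue_cookie(oam_id, wg1, t0)
    c2 = srv.issue_cookie(oam_id, wg2, t0 + 5)  # SSO: no second login
    out = {"same_session": unseal(srv.webgate_keys[wg1], c1)["session_id"]
           == unseal(srv.webgate_keys[wg2], c2)["session_id"]}
    out["wg1"] = srv.validate(c1, wg1, ip, t0 + 10)[0]
    out["wg1_cookie_at_wg2"] = srv.validate(c1, wg2, ip, t0 + 10)[0]
    out["refreshed"] = srv.validate(c1, wg1, ip, t0 + 300)[1] != c1
    out["other_ip"] = srv.validate(c2, wg2, "198.51.100.7", t0 + 310)[0]
    srv.logout(oam_id)
    out["after_logout"] = srv.validate(c2, wg2, ip, t0 + 320)[0]
    return out


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

A cookie copied from one Webgate's host to another fails because each host has its own key, and ending the server-side session invalidates every host cookie at once; with the 10g shared-key, domain-scoped cookie neither boundary exists.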
Check out the <a href="http://www.oracle.com/technetwork/middleware/id-mgmt/learnmore/oracle-ds-oaam-11gr1-173462.pdf?ssSourceSiteId=ocomen">datasheet</a> to see how OAAM can help meet the requirements of these updated guidelines.<br /><br />This updated FFIEC guidance is consistent with another trend we've seen: more precise, prescriptive regulations that organizations need to meet in order to be in compliance. Typically more prescriptive regulations are seen in industry segments like financial services (or other highly regulated industries like healthcare) and then gradually spread to other industry segments.Eric Leachhttp://www.blogger.com/profile/08625731894305941448noreply@blogger.com0tag:blogger.com,1999:blog-4723197811614723818.post-5885677965714394362011-03-16T00:16:00.000-07:002011-03-16T12:56:57.430-07:00Stronger Authentication Isn't The Answer<!--[if gte mso 9]><xml> <w:latentstyles deflockedstate="false" defunhidewhenused="true" defsemihidden="true" defqformat="false" defpriority="99" latentstylecount="267"> 
priority="64" semihidden="false" unhidewhenused="false" name="Medium Shading 2 Accent 4"> <w:lsdexception locked="false" priority="65" semihidden="false" unhidewhenused="false" name="Medium List 1 Accent 4"> <w:lsdexception locked="false" priority="66" semihidden="false" unhidewhenused="false" name="Medium List 2 Accent 4"> <w:lsdexception locked="false" priority="67" semihidden="false" unhidewhenused="false" name="Medium Grid 1 Accent 4"> <w:lsdexception locked="false" priority="68" semihidden="false" unhidewhenused="false" name="Medium Grid 2 Accent 4"> <w:lsdexception locked="false" priority="69" semihidden="false" unhidewhenused="false" name="Medium Grid 3 Accent 4"> <w:lsdexception locked="false" priority="70" semihidden="false" unhidewhenused="false" name="Dark List Accent 4"> <w:lsdexception locked="false" priority="71" semihidden="false" unhidewhenused="false" name="Colorful Shading Accent 4"> <w:lsdexception locked="false" priority="72" semihidden="false" unhidewhenused="false" name="Colorful List Accent 4"> <w:lsdexception locked="false" priority="73" semihidden="false" unhidewhenused="false" name="Colorful Grid Accent 4"> <w:lsdexception locked="false" priority="60" semihidden="false" unhidewhenused="false" name="Light Shading Accent 5"> <w:lsdexception locked="false" priority="61" semihidden="false" unhidewhenused="false" name="Light List Accent 5"> <w:lsdexception locked="false" priority="62" semihidden="false" unhidewhenused="false" name="Light Grid Accent 5"> <w:lsdexception locked="false" priority="63" semihidden="false" unhidewhenused="false" name="Medium Shading 1 Accent 5"> <w:lsdexception locked="false" priority="64" semihidden="false" unhidewhenused="false" name="Medium Shading 2 Accent 5"> <w:lsdexception locked="false" priority="65" semihidden="false" unhidewhenused="false" name="Medium List 1 Accent 5"> <w:lsdexception locked="false" priority="66" semihidden="false" unhidewhenused="false" name="Medium List 2 Accent 5"> <w:lsdexception 
locked="false" priority="67" semihidden="false" unhidewhenused="false" name="Medium Grid 1 Accent 5"> <w:lsdexception locked="false" priority="68" semihidden="false" unhidewhenused="false" name="Medium Grid 2 Accent 5"> <w:lsdexception locked="false" priority="69" semihidden="false" unhidewhenused="false" name="Medium Grid 3 Accent 5"> <w:lsdexception locked="false" priority="70" semihidden="false" unhidewhenused="false" name="Dark List Accent 5"> <w:lsdexception locked="false" priority="71" semihidden="false" unhidewhenused="false" name="Colorful Shading Accent 5"> <w:lsdexception locked="false" priority="72" semihidden="false" unhidewhenused="false" name="Colorful List Accent 5"> <w:lsdexception locked="false" priority="73" semihidden="false" unhidewhenused="false" name="Colorful Grid Accent 5"> <w:lsdexception locked="false" priority="60" semihidden="false" unhidewhenused="false" name="Light Shading Accent 6"> <w:lsdexception locked="false" priority="61" semihidden="false" unhidewhenused="false" name="Light List Accent 6"> <w:lsdexception locked="false" priority="62" semihidden="false" unhidewhenused="false" name="Light Grid Accent 6"> <w:lsdexception locked="false" priority="63" semihidden="false" unhidewhenused="false" name="Medium Shading 1 Accent 6"> <w:lsdexception locked="false" priority="64" semihidden="false" unhidewhenused="false" name="Medium Shading 2 Accent 6"> <w:lsdexception locked="false" priority="65" semihidden="false" unhidewhenused="false" name="Medium List 1 Accent 6"> <w:lsdexception locked="false" priority="66" semihidden="false" unhidewhenused="false" name="Medium List 2 Accent 6"> <w:lsdexception locked="false" priority="67" semihidden="false" unhidewhenused="false" name="Medium Grid 1 Accent 6"> <w:lsdexception locked="false" priority="68" semihidden="false" unhidewhenused="false" name="Medium Grid 2 Accent 6"> <w:lsdexception locked="false" priority="69" semihidden="false" unhidewhenused="false" name="Medium Grid 3 Accent 6"> 
<w:lsdexception locked="false" priority="70" semihidden="false" unhidewhenused="false" name="Dark List Accent 6"> <w:lsdexception locked="false" priority="71" semihidden="false" unhidewhenused="false" name="Colorful Shading Accent 6"> <w:lsdexception locked="false" priority="72" semihidden="false" unhidewhenused="false" name="Colorful List Accent 6"> <w:lsdexception locked="false" priority="73" semihidden="false" unhidewhenused="false" name="Colorful Grid Accent 6"> <w:lsdexception locked="false" priority="19" semihidden="false" unhidewhenused="false" qformat="true" name="Subtle Emphasis"> <w:lsdexception locked="false" priority="21" semihidden="false" unhidewhenused="false" qformat="true" name="Intense Emphasis"> <w:lsdexception locked="false" priority="31" semihidden="false" unhidewhenused="false" qformat="true" name="Subtle Reference"> <w:lsdexception locked="false" priority="32" semihidden="false" unhidewhenused="false" qformat="true" name="Intense Reference"> <w:lsdexception locked="false" priority="33" semihidden="false" unhidewhenused="false" qformat="true" name="Book Title"> <w:lsdexception locked="false" priority="37" name="Bibliography"> <w:lsdexception locked="false" priority="39" qformat="true" name="TOC Heading"> </w:LatentStyles> </xml><![endif]--><!--[if gte mso 10]> <style> /* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-qformat:yes; mso-style-parent:""; mso-padding-alt:0in 5.4pt 0in 5.4pt; mso-para-margin-top:0in; mso-para-margin-right:0in; mso-para-margin-bottom:10.0pt; mso-para-margin-left:0in; line-height:115%; mso-pagination:widow-orphan; font-size:11.0pt; font-family:"Calibri","sans-serif"; mso-ascii-font-family:Calibri; mso-ascii-theme-font:minor-latin; mso-fareast-font-family:"Times New Roman"; mso-fareast-theme-font:minor-fareast; mso-hansi-font-family:Calibri; mso-hansi-theme-font:minor-latin;} </style> 
<![endif]--> <p class="MsoNormal"><!--[if gte mso 9]><xml> <w:worddocument> <w:view>Normal</w:View> <w:zoom>0</w:Zoom> <w:trackmoves/> <w:trackformatting/> <w:punctuationkerning/> <w:validateagainstschemas/> <w:saveifxmlinvalid>false</w:SaveIfXMLInvalid> <w:ignoremixedcontent>false</w:IgnoreMixedContent> <w:alwaysshowplaceholdertext>false</w:AlwaysShowPlaceholderText> <w:donotpromoteqf/> <w:lidthemeother>EN-US</w:LidThemeOther> <w:lidthemeasian>X-NONE</w:LidThemeAsian> <w:lidthemecomplexscript>X-NONE</w:LidThemeComplexScript> <w:compatibility> <w:breakwrappedtables/> <w:snaptogridincell/> <w:wraptextwithpunct/> <w:useasianbreakrules/> <w:dontgrowautofit/> <w:splitpgbreakandparamark/> <w:dontvertaligncellwithsp/> <w:dontbreakconstrainedforcedtables/> <w:dontvertalignintxbx/> <w:word11kerningpairs/> <w:cachedcolbalance/> </w:Compatibility> <w:browserlevel>MicrosoftInternetExplorer4</w:BrowserLevel> <m:mathpr> <m:mathfont val="Cambria Math"> <m:brkbin val="before"> <m:brkbinsub val="--"> <m:smallfrac val="off"> <m:dispdef/> <m:lmargin val="0"> <m:rmargin val="0"> <m:defjc val="centerGroup"> <m:wrapindent val="1440"> <m:intlim val="subSup"> <m:narylim val="undOvr"> </m:mathPr></w:WordDocument> </xml><![endif]--><!--[if gte mso 9]><xml> <w:latentstyles deflockedstate="false" defunhidewhenused="true" defsemihidden="true" defqformat="false" defpriority="99" latentstylecount="267"> <w:lsdexception locked="false" priority="0" semihidden="false" unhidewhenused="false" qformat="true" name="Normal"> <w:lsdexception locked="false" priority="9" semihidden="false" unhidewhenused="false" qformat="true" name="heading 1"> <w:lsdexception locked="false" priority="9" qformat="true" name="heading 2"> <w:lsdexception locked="false" priority="9" qformat="true" name="heading 3"> <w:lsdexception locked="false" priority="9" qformat="true" name="heading 4"> <w:lsdexception locked="false" priority="9" qformat="true" name="heading 5"> <w:lsdexception locked="false" priority="9" qformat="true" 
name="heading 6"> <w:lsdexception locked="false" priority="9" qformat="true" name="heading 7"> <w:lsdexception locked="false" priority="9" qformat="true" name="heading 8"> <w:lsdexception locked="false" priority="9" qformat="true" name="heading 9"> <w:lsdexception locked="false" priority="39" name="toc 1"> <w:lsdexception locked="false" priority="39" name="toc 2"> <w:lsdexception locked="false" priority="39" name="toc 3"> <w:lsdexception locked="false" priority="39" name="toc 4"> <w:lsdexception locked="false" priority="39" name="toc 5"> <w:lsdexception locked="false" priority="39" name="toc 6"> <w:lsdexception locked="false" priority="39" name="toc 7"> <w:lsdexception locked="false" priority="39" name="toc 8"> <w:lsdexception locked="false" priority="39" name="toc 9"> <w:lsdexception locked="false" priority="35" qformat="true" name="caption"> <w:lsdexception locked="false" priority="10" semihidden="false" unhidewhenused="false" qformat="true" name="Title"> <w:lsdexception locked="false" priority="1" name="Default Paragraph Font"> <w:lsdexception locked="false" priority="11" semihidden="false" unhidewhenused="false" qformat="true" name="Subtitle"> <w:lsdexception locked="false" priority="22" semihidden="false" unhidewhenused="false" qformat="true" name="Strong"> <w:lsdexception locked="false" priority="20" semihidden="false" unhidewhenused="false" qformat="true" name="Emphasis"> <w:lsdexception locked="false" priority="59" semihidden="false" unhidewhenused="false" name="Table Grid"> <w:lsdexception locked="false" unhidewhenused="false" name="Placeholder Text"> <w:lsdexception locked="false" priority="1" semihidden="false" unhidewhenused="false" qformat="true" name="No Spacing"> <w:lsdexception locked="false" priority="60" semihidden="false" unhidewhenused="false" name="Light Shading"> <w:lsdexception locked="false" priority="61" semihidden="false" unhidewhenused="false" name="Light List"> <w:lsdexception locked="false" priority="62" semihidden="false" 
unhidewhenused="false" name="Light Grid"> <w:lsdexception locked="false" priority="63" semihidden="false" unhidewhenused="false" name="Medium Shading 1"> <w:lsdexception locked="false" priority="64" semihidden="false" unhidewhenused="false" name="Medium Shading 2"> <w:lsdexception locked="false" priority="65" semihidden="false" unhidewhenused="false" name="Medium List 1"> <w:lsdexception locked="false" priority="66" semihidden="false" unhidewhenused="false" name="Medium List 2"> <w:lsdexception locked="false" priority="67" semihidden="false" unhidewhenused="false" name="Medium Grid 1"> <w:lsdexception locked="false" priority="68" semihidden="false" unhidewhenused="false" name="Medium Grid 2"> <w:lsdexception locked="false" priority="69" semihidden="false" unhidewhenused="false" name="Medium Grid 3"> <w:lsdexception locked="false" priority="70" semihidden="false" unhidewhenused="false" name="Dark List"> <w:lsdexception locked="false" priority="71" semihidden="false" unhidewhenused="false" name="Colorful Shading"> <w:lsdexception locked="false" priority="72" semihidden="false" unhidewhenused="false" name="Colorful List"> <w:lsdexception locked="false" priority="73" semihidden="false" unhidewhenused="false" name="Colorful Grid"> <w:lsdexception locked="false" priority="60" semihidden="false" unhidewhenused="false" name="Light Shading Accent 1"> <w:lsdexception locked="false" priority="61" semihidden="false" unhidewhenused="false" name="Light List Accent 1"> <w:lsdexception locked="false" priority="62" semihidden="false" unhidewhenused="false" name="Light Grid Accent 1"> <w:lsdexception locked="false" priority="63" semihidden="false" unhidewhenused="false" name="Medium Shading 1 Accent 1"> <w:lsdexception locked="false" priority="64" semihidden="false" unhidewhenused="false" name="Medium Shading 2 Accent 1"> <w:lsdexception locked="false" priority="65" semihidden="false" unhidewhenused="false" name="Medium List 1 Accent 1"> <w:lsdexception locked="false" 
unhidewhenused="false" name="Revision"> <w:lsdexception locked="false" priority="34" semihidden="false" unhidewhenused="false" qformat="true" name="List Paragraph"> <w:lsdexception locked="false" priority="29" semihidden="false" unhidewhenused="false" qformat="true" name="Quote"> <w:lsdexception locked="false" priority="30" semihidden="false" unhidewhenused="false" qformat="true" name="Intense Quote"> <w:lsdexception locked="false" priority="66" semihidden="false" unhidewhenused="false" name="Medium List 2 Accent 1"> <w:lsdexception locked="false" priority="67" semihidden="false" unhidewhenused="false" name="Medium Grid 1 Accent 1"> <w:lsdexception locked="false" priority="68" semihidden="false" unhidewhenused="false" name="Medium Grid 2 Accent 1"> <w:lsdexception locked="false" priority="69" semihidden="false" unhidewhenused="false" name="Medium Grid 3 Accent 1"> <w:lsdexception locked="false" priority="70" semihidden="false" unhidewhenused="false" name="Dark List Accent 1"> <w:lsdexception locked="false" priority="71" semihidden="false" unhidewhenused="false" name="Colorful Shading Accent 1"> <w:lsdexception locked="false" priority="72" semihidden="false" unhidewhenused="false" name="Colorful List Accent 1"> <w:lsdexception locked="false" priority="73" semihidden="false" unhidewhenused="false" name="Colorful Grid Accent 1"> <w:lsdexception locked="false" priority="60" semihidden="false" unhidewhenused="false" name="Light Shading Accent 2"> <w:lsdexception locked="false" priority="61" semihidden="false" unhidewhenused="false" name="Light List Accent 2"> <w:lsdexception locked="false" priority="62" semihidden="false" unhidewhenused="false" name="Light Grid Accent 2"> <w:lsdexception locked="false" priority="63" semihidden="false" unhidewhenused="false" name="Medium Shading 1 Accent 2"> <w:lsdexception locked="false" priority="64" semihidden="false" unhidewhenused="false" name="Medium Shading 2 Accent 2"> <w:lsdexception locked="false" priority="65" 
semihidden="false" unhidewhenused="false" name="Medium List 1 Accent 2"> <w:lsdexception locked="false" priority="66" semihidden="false" unhidewhenused="false" name="Medium List 2 Accent 2"> <w:lsdexception locked="false" priority="67" semihidden="false" unhidewhenused="false" name="Medium Grid 1 Accent 2"> <w:lsdexception locked="false" priority="68" semihidden="false" unhidewhenused="false" name="Medium Grid 2 Accent 2"> <w:lsdexception locked="false" priority="69" semihidden="false" unhidewhenused="false" name="Medium Grid 3 Accent 2"> <w:lsdexception locked="false" priority="70" semihidden="false" unhidewhenused="false" name="Dark List Accent 2"> <w:lsdexception locked="false" priority="71" semihidden="false" unhidewhenused="false" name="Colorful Shading Accent 2"> <w:lsdexception locked="false" priority="72" semihidden="false" unhidewhenused="false" name="Colorful List Accent 2"> <w:lsdexception locked="false" priority="73" semihidden="false" unhidewhenused="false" name="Colorful Grid Accent 2"> <w:lsdexception locked="false" priority="60" semihidden="false" unhidewhenused="false" name="Light Shading Accent 3"> <w:lsdexception locked="false" priority="61" semihidden="false" unhidewhenused="false" name="Light List Accent 3"> <w:lsdexception locked="false" priority="62" semihidden="false" unhidewhenused="false" name="Light Grid Accent 3"> <w:lsdexception locked="false" priority="63" semihidden="false" unhidewhenused="false" name="Medium Shading 1 Accent 3"> <w:lsdexception locked="false" priority="64" semihidden="false" unhidewhenused="false" name="Medium Shading 2 Accent 3"> <w:lsdexception locked="false" priority="65" semihidden="false" unhidewhenused="false" name="Medium List 1 Accent 3"> <w:lsdexception locked="false" priority="66" semihidden="false" unhidewhenused="false" name="Medium List 2 Accent 3"> <w:lsdexception locked="false" priority="67" semihidden="false" unhidewhenused="false" name="Medium Grid 1 Accent 3"> <w:lsdexception locked="false" 
priority="68" semihidden="false" unhidewhenused="false" name="Medium Grid 2 Accent 3"> <w:lsdexception locked="false" priority="69" semihidden="false" unhidewhenused="false" name="Medium Grid 3 Accent 3"> <w:lsdexception locked="false" priority="70" semihidden="false" unhidewhenused="false" name="Dark List Accent 3"> <w:lsdexception locked="false" priority="71" semihidden="false" unhidewhenused="false" name="Colorful Shading Accent 3"> <w:lsdexception locked="false" priority="72" semihidden="false" unhidewhenused="false" name="Colorful List Accent 3"> <w:lsdexception locked="false" priority="73" semihidden="false" unhidewhenused="false" name="Colorful Grid Accent 3"> <w:lsdexception locked="false" priority="60" semihidden="false" unhidewhenused="false" name="Light Shading Accent 4"> <w:lsdexception locked="false" priority="61" semihidden="false" unhidewhenused="false" name="Light List Accent 4"> <w:lsdexception locked="false" priority="62" semihidden="false" unhidewhenused="false" name="Light Grid Accent 4"> <w:lsdexception locked="false" priority="63" semihidden="false" unhidewhenused="false" name="Medium Shading 1 Accent 4"> <w:lsdexception locked="false" priority="64" semihidden="false" unhidewhenused="false" name="Medium Shading 2 Accent 4"> <w:lsdexception locked="false" priority="65" semihidden="false" unhidewhenused="false" name="Medium List 1 Accent 4"> <w:lsdexception locked="false" priority="66" semihidden="false" unhidewhenused="false" name="Medium List 2 Accent 4"> <w:lsdexception locked="false" priority="67" semihidden="false" unhidewhenused="false" name="Medium Grid 1 Accent 4"> <w:lsdexception locked="false" priority="68" semihidden="false" unhidewhenused="false" name="Medium Grid 2 Accent 4"> <w:lsdexception locked="false" priority="69" semihidden="false" unhidewhenused="false" name="Medium Grid 3 Accent 4"> <w:lsdexception locked="false" priority="70" semihidden="false" unhidewhenused="false" name="Dark List Accent 4"> <w:lsdexception 
locked="false" priority="71" semihidden="false" unhidewhenused="false" name="Colorful Shading Accent 4"> <w:lsdexception locked="false" priority="72" semihidden="false" unhidewhenused="false" name="Colorful List Accent 4"> <w:lsdexception locked="false" priority="73" semihidden="false" unhidewhenused="false" name="Colorful Grid Accent 4"> <w:lsdexception locked="false" priority="60" semihidden="false" unhidewhenused="false" name="Light Shading Accent 5"> <w:lsdexception locked="false" priority="61" semihidden="false" unhidewhenused="false" name="Light List Accent 5"> <w:lsdexception locked="false" priority="62" semihidden="false" unhidewhenused="false" name="Light Grid Accent 5"> <w:lsdexception locked="false" priority="63" semihidden="false" unhidewhenused="false" name="Medium Shading 1 Accent 5"> <w:lsdexception locked="false" priority="64" semihidden="false" unhidewhenused="false" name="Medium Shading 2 Accent 5"> <w:lsdexception locked="false" priority="65" semihidden="false" unhidewhenused="false" name="Medium List 1 Accent 5"> <w:lsdexception locked="false" priority="66" semihidden="false" unhidewhenused="false" name="Medium List 2 Accent 5"> <w:lsdexception locked="false" priority="67" semihidden="false" unhidewhenused="false" name="Medium Grid 1 Accent 5"> <w:lsdexception locked="false" priority="68" semihidden="false" unhidewhenused="false" name="Medium Grid 2 Accent 5"> <w:lsdexception locked="false" priority="69" semihidden="false" unhidewhenused="false" name="Medium Grid 3 Accent 5"> <w:lsdexception locked="false" priority="70" semihidden="false" unhidewhenused="false" name="Dark List Accent 5"> <w:lsdexception locked="false" priority="71" semihidden="false" unhidewhenused="false" name="Colorful Shading Accent 5"> <w:lsdexception locked="false" priority="72" semihidden="false" unhidewhenused="false" name="Colorful List Accent 5"> <w:lsdexception locked="false" priority="73" semihidden="false" unhidewhenused="false" name="Colorful Grid Accent 5"> 
<w:lsdexception locked="false" priority="60" semihidden="false" unhidewhenused="false" name="Light Shading Accent 6"> <w:lsdexception locked="false" priority="61" semihidden="false" unhidewhenused="false" name="Light List Accent 6"> <w:lsdexception locked="false" priority="62" semihidden="false" unhidewhenused="false" name="Light Grid Accent 6"> <w:lsdexception locked="false" priority="63" semihidden="false" unhidewhenused="false" name="Medium Shading 1 Accent 6"> <w:lsdexception locked="false" priority="64" semihidden="false" unhidewhenused="false" name="Medium Shading 2 Accent 6"> <w:lsdexception locked="false" priority="65" semihidden="false" unhidewhenused="false" name="Medium List 1 Accent 6"> <w:lsdexception locked="false" priority="66" semihidden="false" unhidewhenused="false" name="Medium List 2 Accent 6"> <w:lsdexception locked="false" priority="67" semihidden="false" unhidewhenused="false" name="Medium Grid 1 Accent 6"> <w:lsdexception locked="false" priority="68" semihidden="false" unhidewhenused="false" name="Medium Grid 2 Accent 6"> <w:lsdexception locked="false" priority="69" semihidden="false" unhidewhenused="false" name="Medium Grid 3 Accent 6"> <w:lsdexception locked="false" priority="70" semihidden="false" unhidewhenused="false" name="Dark List Accent 6"> <w:lsdexception locked="false" priority="71" semihidden="false" unhidewhenused="false" name="Colorful Shading Accent 6"> <w:lsdexception locked="false" priority="72" semihidden="false" unhidewhenused="false" name="Colorful List Accent 6"> <w:lsdexception locked="false" priority="73" semihidden="false" unhidewhenused="false" name="Colorful Grid Accent 6"> <w:lsdexception locked="false" priority="19" semihidden="false" unhidewhenused="false" qformat="true" name="Subtle Emphasis"> <w:lsdexception locked="false" priority="21" semihidden="false" unhidewhenused="false" qformat="true" name="Intense Emphasis"> <w:lsdexception locked="false" priority="31" semihidden="false" unhidewhenused="false" 
qformat="true" name="Subtle Reference"> <w:lsdexception locked="false" priority="32" semihidden="false" unhidewhenused="false" qformat="true" name="Intense Reference"> <w:lsdexception locked="false" priority="33" semihidden="false" unhidewhenused="false" qformat="true" name="Book Title"> <w:lsdexception locked="false" priority="37" name="Bibliography"> <w:lsdexception locked="false" priority="39" qformat="true" name="TOC Heading"> </w:LatentStyles> </xml><![endif]--><!--[if gte mso 10]> <style> /* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-qformat:yes; mso-style-parent:""; mso-padding-alt:0in 5.4pt 0in 5.4pt; mso-para-margin-top:0in; mso-para-margin-right:0in; mso-para-margin-bottom:10.0pt; mso-para-margin-left:0in; line-height:115%; mso-pagination:widow-orphan; font-size:11.0pt; font-family:"Calibri","sans-serif"; mso-ascii-font-family:Calibri; mso-ascii-theme-font:minor-latin; mso-fareast-font-family:"Times New Roman"; mso-fareast-theme-font:minor-fareast; mso-hansi-font-family:Calibri; mso-hansi-theme-font:minor-latin;} </style> <![endif]--> </p><p class="MsoNormal">It seems practically every day I hear the same question. “My company needs a strong form of authentication for users of our web applications but we don’t like the downsides of hardware tokens/smart cards/etc, what type of strong authentication is better?” The problem with this question is it’s generally based on the false assumption that adequate protection for web applications can be achieved by deployment of “strong” credential based authentication alone. Of course, I am not disparaging anyone asking this question since the underlying assumption has been engrained in us all and it’s been enforced by various regulations and corporate policies to boot. So what is the <i style="">best </i>answer to this question? 
</p> <p class="MsoNormal">Let’s start by breaking this down a bit. To clarify, I am using the term “credential based” authentication to refer to <i style="">all</i> authentication forms that verify a user’s identity by asking them to provide a credential. It really doesn’t matter if the “credential” is a password, one time password, biometric (typing rhythm/fingerprint/hand veins/iris/etc), or something else; they are all really just different types of authentication credentials in the end. So if a company chooses to simply substitute one form of credential for another, they are not really increasing their security by much when considering all the types of threats. Some types of credentials and flows are stronger than others, but there are threats that can’t be prevented even by the strongest of these. As well, there are soft and hard costs with such a change, so a business had better be substantially increasing its security, not just swapping apples for nicer apples. </p> <p class="MsoNormal">Just a few of the threats that credential based authentication of any strength cannot address are insider fraud and session hijacking. How can a credential <i style="">prevent</i> an employee/contractor/user from misusing the access they have been granted? Likewise, how can a credential prevent someone/something from taking control of a valid user’s session and misusing it? The reality is that credential based authentication and authorization alone simply can’t. To address such threats, contextual risk analysis must be part of the solution to be effective. </p> <p class="MsoNormal">A solution must actively “watch” the entire context of an access request to see what a user does and see how far their current behavior varies from their past “normal” behavior and/or the past behavior of all users. A solution must “learn” from past incidents what fraud/misuse looks like and identify how closely a situation matches these past incidents. 
Also, a solution should be able to proactively interdict if the risk of a situation becomes too high. This risk-based interdiction may employ forms of credential based authentication that are both easy to use and of an appropriate strength for the resource and level of risk at that moment. As well, interdiction could take the form of dynamic authorization policy adjustments based on the level of risk. To summarize, a company that wants strong access security for their web applications must take a more holistic approach which includes contextual risk analysis, risk-based strong authentication and risk-based authorization controls. <span style=""> </span></p> <p class="MsoNormal"><span style=""> </span></p>Mark Karlstrandhttp://www.blogger.com/profile/12108479578984476467noreply@blogger.com0tag:blogger.com,1999:blog-4723197811614723818.post-14997046985904220982011-02-21T10:04:00.000-08:002011-02-21T10:09:24.475-08:00Register Today for Free Oracle Security Online Forum Feb. 24<p style="border: medium none; padding: 0in;"><span style="font-family:Arial, sans-serif;"><span style="font-size:85%;"><span style="font-weight: normal;">Oracle and Accenture are holding a new joint event focusing on security. The event will feature a great line-up of speakers and sessions that will last from 9:00-1:00pm PT on Thursday, Feb. 24. The event will focus on security topics that face the enterprise today. The event kicks off with a keynote presentation detailing emerging security trends and where we think security is headed in the next decade. 
Please<a href="http://event.on24.com/eventRegistration/EventLobbyServlet?target=lobby.jsp&eventid=280304&sessionid=1&partnerref=blogAccessMgnt&key=6A7152F62313CA09F77EBCEEA9B6294F&eventuserid=45591122"> join us</a> for 30 minutes or the entire day.<br /></span></span></span></p> <p style="border: medium none; padding: 0in;"><span style="font-family:Arial, sans-serif;"><b><span style="font-size:85%;">Key Speakers:</span></b></span></p> <ul><li> <p style="border: medium none; padding: 0in;"><span style="font-family:Arial, sans-serif;"><a href="http://event.on24.com/eventRegistration/EventLobbyServlet?target=lobby.jsp&eventid=280304&sessionid=1&partnerref=blogAccessMgnt&key=6A7152F62313CA09F77EBCEEA9B6294F&eventuserid=45591122"><span style="font-size:85%;"><b>Mary Ann Davidson</b></span></a><span style="font-size:85%;"><span style="font-weight: normal;">, Oracle’s Chief Security Officer, on industry-leading standards, technologies, and practices that ensure that Oracle products—and your entire system—remain as secure as possible.</span></span></span></p> </li><li> <p style="border: medium none; padding: 0in;"><span style="font-family:Arial, sans-serif;"><a href="http://event.on24.com/eventRegistration/EventLobbyServlet?target=lobby.jsp&eventid=280304&sessionid=1&partnerref=blogAccessMgnt&key=6A7152F62313CA09F77EBCEEA9B6294F&eventuserid=45591122"><span style="font-size:85%;"><b>Jeff Margolies</b></span></a><span style="font-size:85%;"><span style="font-weight: normal;">, Partner, Accenture’s Security Practice—on key security trends and solutions to prepare for in 2011 and beyond.</span></span></span></p> </li><li> <p style="border: medium none; padding: 0in;"><span style="font-family:Arial, sans-serif;"><a href="http://event.on24.com/eventRegistration/EventLobbyServlet?target=lobby.jsp&eventid=280304&sessionid=1&partnerref=blogAccessMgnt&key=6A7152F62313CA09F77EBCEEA9B6294F&eventuserid=45591122"><span style="font-size:85%;"><b>Vipin Samar</b></span></a><span 
style="font-size:85%;"><span style="font-weight: normal;">, Vice President of Oracle Database Security solutions—on new approaches to protecting data and database infrastructure against evolving threats.</span></span></span></p> </li><li> <p style="border: medium none; padding: 0in;"><span style="font-family:Arial, sans-serif;"><a href="http://event.on24.com/eventRegistration/EventLobbyServlet?target=lobby.jsp&eventid=280304&sessionid=1&partnerref=blogAccessMgnt&key=6A7152F62313CA09F77EBCEEA9B6294F&eventuserid=45591122"><span style="font-size:85%;"><b>Tom Kyte,</b></span></a><span style="font-size:85%;"><span style="font-weight: normal;"> Senior Technical Architect and Oracle Database Guru—on how you can safeguard your enterprise application data with Oracle’s Database Security solutions.</span></span></span></p> </li><li> <p style="border: medium none; padding: 0in;"><span style="font-family:Arial, sans-serif;"><span style="font-size:85%;"><b><a href="http://event.on24.com/eventRegistration/EventLobbyServlet?target=lobby.jsp&eventid=280304&sessionid=1&partnerref=blogAccessMgnt&key=6A7152F62313CA09F77EBCEEA9B6294F&eventuserid=45591122">Nishant Kaushik</a>,</b></span><span style="font-size:85%;"><span style="font-weight: normal;"> Chief Identity Strategist—on how organizations can look to Oracle Identity Management solutions to help them reduce fraud and streamline compliance.</span></span></span></p> </li></ul> <p style="border: medium none; padding: 0in;"><b><span style="font-family:Arial, sans-serif;"><span style="font-size:85%;">Full List of Sessions: <a href="http://event.on24.com/eventRegistration/EventLobbyServlet?target=lobby.jsp&eventid=280304&sessionid=1&partnerref=blogAccessMgnt&key=6A7152F62313CA09F77EBCEEA9B6294F&eventuserid=45591122">Look here for sessions tab for list</a></span></span></b></p>Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-4723197811614723818.post-12792203703644838232011-02-18T16:08:00.000-08:002011-02-18T16:09:57.170-08:00Cloud 
Security Grows Up! Gmail and Two Factor Authentication<p><img src="https://encrypted.google.com/images/logos/ssl_logo_lg.gif" align="left" height="67" width="169" />A great leap forward for security and the cloud. Google announced last week that they will support two factor authentication within their very popular <a href="http://www.blogger.com/www.gmail.com">Gmail</a> application. I have used Gmail for years and have enjoyed how it has provided innovation within a very important aspect of communication. However, security has been a secondary consideration within the innovation life-cycle. They were one of the first to institute security questions but this is not enough these days, especially after high-profile people have had email accounts hacked with similar security features (e.g. <a href="http://www.wired.com/threatlevel/2008/09/palin-e-mail-ha/">Sarah Palin</a>).<br /></p> <p>So here is the way that it works. Go to <a href="https://www.google.com/support/accounts/bin/static.py?page=guide.cs&guide=1056283&topic=1056284">this page</a> on Google's help site and they will walk you through the options. What is great about the way <img src="http://www.google.com/images/icons/feature/padlock-b100.png" align="right" />they have implemented the system is that no matter what your phone situation, they have you covered. So, even those with a simple land-line to the house can benefit from the increased security. The real question is whether the users will take security seriously enough to take the 5 minutes to configure.</p> <p>Google has been more committed than most to the importance of security. I encourage you all to read their philosophy on security. 
You can read more about their philosophy<a href="http://www.google.com/corporate/security.html"> here</a>.<br /></p><br /><p> </p>Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-4723197811614723818.post-64734994888525536502011-02-10T16:51:00.000-08:002011-02-10T17:04:32.769-08:00Oracle @ RSA<a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://www.facebook.com/safe_image.php?w=90&h=90&url=http%3A%2F%2Ftinyvox.com%2Fweb%2Fdesktop%2Fthemes%2Ftinyvox%2Fimages%2Ftape_sidebar.png"><img style="float:left; margin:0 10px 10px 0;cursor:pointer; cursor:hand;width: 90px; height: 61px;" src="https://www.facebook.com/safe_image.php?w=90&h=90&url=http%3A%2F%2Ftinyvox.com%2Fweb%2Fdesktop%2Fthemes%2Ftinyvox%2Fimages%2Ftape_sidebar.png" alt="" border="0" /></a>Download a podcast of our planned activities <a href="http://tinyvox.com/cTd">here</a>.<br /><br />We are excited about RSA next week. We are excited because of the great gathering of geeks focused on security but also because of the especially strong line-up of speakers. <a href="https://365.rsaconference.com/community/speakers">Janet Napolitano</a> of the <a href="http://www.dhs.gov/index.shtm">US Department of Homeland Security</a>, <a href="http://www.fbi.gov/">FBI</a> Director <a href="https://365.rsaconference.com/community/speakers">Robert Mueller</a>, and <a href="https://365.rsaconference.com/community/speakers">Howard Schmidt</a> from <a href="http://www.dhs.gov/xabout/structure/editorial_0839.shtm">US Cybersecurity</a> are just a few. We will also have a strong line-up of Oracle speakers:<br /><br /><span style="font-weight: bold;">On Wednesday, Feb. 
16 at 8:30am:</span><br /><a href="http://eventreg.oracle.com/webapps/events/ns/EventsDetail.jsp?p_eventId=127657&src=6967733&src=6967733&Act=12">Cloud Computing: A Brave New World for Security and Privacy</a> (CLD-201)<br />Speaker: Michelle Dennedy, Vice President, Security and Privacy Solutions, Oracle<br /><br /><span style="font-weight: bold;">Thursday, February 17 at 8:30 AM</span><br /><a href="http://eventreg.oracle.com/webapps/events/ns/EventsDetail.jsp?p_eventId=127657&src=6967733&src=6967733&Act=12">Databases Under Attack - Securing Heterogeneous Database Infrastructures (DAS-301)</a><br />Speaker: Vipin Samar, Vice President, Oracle Database Security, Oracle<br /><br /><span style="font-weight: bold;">Friday, February 18 at 10:10 AM</span><br /><span style="font-weight: bold;"> </span><a href="http://eventreg.oracle.com/webapps/events/ns/EventsDetail.jsp?p_eventId=127657&src=6967733&src=6967733&Act=12">Seven Steps to Protecting Databases (DAS-402)</a><br />Speaker: Steve Moyle, Chief Technology Officer, Oracle Database Firewall, Oracle<br /><br />Scott Gaetjen, co-author of the book Applied Oracle Security: Developing Secure Database and Middleware Environments, will be signing books at the Oracle booth on the following days:<br /><ul><li>Tuesday, February 15, 12:00pm-1:00pm and 5:00-6:00pm</li><li>Wednesday, February 16, 12:00pm-1:00pm and 5:00-6:00pm</li></ul><br />Oracle will have a booth at the expo hall throughout the event so please come by and share, learn and participate with us at the event.Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-4723197811614723818.post-69522306950401513932011-02-08T09:43:00.000-08:002011-02-08T09:51:07.134-08:00Oracle Security Online Forum & RSA Conference<a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://static.technorati.com/10/08/09/15923/Green-Bay-Packers.jpg"><img style="float: left; margin: 0pt 10px 10px 0pt; cursor: pointer; width: 125px; height: 125px;" 
src="http://static.technorati.com/10/08/09/15923/Green-Bay-Packers.jpg" alt="" border="0" /></a><br />February is a great month! Not only did we get to see a great Super Bowl last weekend between Pittsburgh and Green Bay but we have the inaugural Oracle Security Online Forum (Feb. 24) and the RSA Conference at Moscone Center (Feb. 14-19). Yes, this means that Valentine's Day will be celebrated in San Francisco - great reason to bring the wife along - but also that a large number of security geeks will be in the city as well.<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://www.rsaconference.com/images/logorsa.gif"><img style="float:right; margin:0 0 10px 10px;cursor:pointer; cursor:hand;width: 359px; height: 35px;" src="http://www.rsaconference.com/images/logorsa.gif" alt="" border="0" /></a><br />We will have a booth at the RSA Conference and we have over 40 people involved in the show speaking, attending and participating. Please feel free to drop by and let us know what you are working on or to get questions answered. 
This is one of the best collections of security professionals in the industry so don't miss the opportunity to participate.<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhFQg3eNKu5JsxA5pVVvYmVngxBoiz91KFqgoQ3_g1PNR4bItSuUY5RPkeu-e_3AvKWMiIGJrSSh3QMjUT9xQVtvDlJtaM2n1srvC2V7R80jYa28tYSdYE9pksRUdRN6BwqpYoDPLdhYAOA/s1600/security_800.jpg"><img style="float: left; margin: 0pt 10px 10px 0pt; cursor: pointer; width: 160px; height: 40px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhFQg3eNKu5JsxA5pVVvYmVngxBoiz91KFqgoQ3_g1PNR4bItSuUY5RPkeu-e_3AvKWMiIGJrSSh3QMjUT9xQVtvDlJtaM2n1srvC2V7R80jYa28tYSdYE9pksRUdRN6BwqpYoDPLdhYAOA/s320/security_800.jpg" alt="" id="BLOGGER_PHOTO_ID_5571377466357307346" border="0" /></a>The <a href="http://bit.ly/gyJns7">Oracle and Accenture Security Online Forum</a>, Thursday Feb. 24, will be a virtual seminar with security leaders from Oracle and Accenture sharing insights on how to secure enterprise assets. 
Here are some of the great speakers from the event but for a complete list and to register go <a href="http://bit.ly/gyJns7">here.</a><br /> <ul type="disc"><li><strong>Mary Ann Davidson, Oracle’s Chief Security Officer—</strong>on<strong> </strong>industry-leading standards, technologies, and practices that ensure that Oracle products—and your entire system—remain as secure as possible.</li><br /> <li><strong>Jeff Margolies</strong>, <strong>Partner, Accenture’s Security Practice</strong>—on key security trends and solutions to prepare for in 2011 and beyond.</li><br /> <li><strong>Vipin Samar, Vice President of Oracle Database Security solutions – </strong>on new approaches to protecting data and database infrastructure against evolving threats.</li><br /> <li><strong>Tom Kyte, Senior Technical Architect and Oracle Database Guru</strong>—on how you can safeguard your enterprise application data with Oracle’s Database Security solutions.</li><br /> <li><strong>Nishant Kaushik, Oracle’s Chief Identity Strategist</strong> on how organizations can look to Oracle Identity Management solutions to help them reduce fraud and streamline compliance.</li></ul>I hope you will join us at one of the events this month to share, learn and participate. These are exciting times facing security professionals and sharing and participating is how we all learn more about how to have a better and more successful business impact.Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-4723197811614723818.post-64474054843873507962011-01-25T09:11:00.000-08:002011-01-25T09:32:29.690-08:00Forrester and Oracle Team-up to present Total Economic Impact ReportIt's still a tough economic environment and organizations we talk to are conscious of two things. How can they maximize limited resources? And, how can they maximize business impact? 
It is perfect timing that <a href="http://www.forrester.com/rb/analyst/andras_cser">Andras Cser</a> from Forrester Research and<a href="https://identigov.wordpress.com/2011/01/10/forrester-study-the-total-economic-impact-of-oracle-identity-analytics/"> Neil Ghandi</a> from Oracle will be presenting a free webinar on the Total Economic Impact of deploying Oracle Identity Analytics.<br /><br />Here is one of the facts that emerged from the research. When teams are just sailing along implementing technology that looks good on paper, it is imperative to have real customer case studies to confirm data. In this report, customers achieved a risk-adjusted ROI of 60%.<br /><br />You can hear how they derived this remarkable result in the free webinar tomorrow at 12:00pm PT/3:00pm ET.<br /><br />You can register <a href="https://www.techwebonlineevents.com/ars/eventregistration.do?mode=eventreg&F=1002777&K=CAA1DC">here</a><br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://www.forrester.com/role_based/images/author/imported/forresterDotCom/Analyst_Photos/Silhouette/Color/Andras-Cser.gif"><img style="float: left; margin: 0pt 10px 10px 0pt; cursor: pointer; width: 126px; height: 126px;" src="http://www.forrester.com/role_based/images/author/imported/forresterDotCom/Analyst_Photos/Silhouette/Color/Andras-Cser.gif" alt="" border="0" /></a><a href="http://www.forrester.com/rb/analyst/andras_cser">Andras Cser, </a><br />Sr. 
Analyst with Forrester Research<br /><br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://secure.gravatar.com/avatar/584bb30598b37b7ca564e6ced17240be?s=128&d=identicon&r=G"><img style="float:left; margin:0 10px 10px 0;cursor:pointer; cursor:hand;width: 128px; height: 128px;" src="https://secure.gravatar.com/avatar/584bb30598b37b7ca564e6ced17240be?s=128&d=identicon&r=G" alt="" border="0" /></a><a href="https://identigov.wordpress.com/2011/01/10/forrester-study-the-total-economic-impact-of-oracle-identity-analytics/">Neil Ghandi</a><br />Product Manager, Oracle Identity AnalyticsUnknownnoreply@blogger.com0tag:blogger.com,1999:blog-4723197811614723818.post-77339538845850934572011-01-20T09:35:00.000-08:002011-01-25T13:36:35.352-08:00OpenID 2.0 and Oracle Identity Federation - More DetailThanks to everyone for attending the webinar yesterday. Mark did a great job talking about how to build a comprehensive extranet security strategy. Get access to the replay <a href="http://bit.ly/hVUpt4">here</a>. He also talked a little about the OpenID 2.0 inclusion in Oracle Identity Federation. <br /><br />This next blog post is for the geeks in the audience (that's a good thing). With the new support for OpenID 2.0 in OIF I wanted to share some of the documents that are available for you to configure your deployments and start using this great new feature. 
So, if you like diagrams like the one below there is a technical whitepaper and two configuration documents for you listed below:<br /><br /><img style="width: 495px; height: 319px;" class="alignleft" title="OpenID Processing Flow" src="http://download.oracle.com/docs/cd/E17904_01/oim.1111/e13400/img/sfsag_jd_001.gif" alt="" /><br /><br />Here are the other assets:<br /><ul><li> <a href="http://www.oracle.com/technetwork/middleware/id-mgmt/identity-federation-wp-129458.pdf"> Technical Whitepaper on OpenID 2.0 in OIF</a></li><br /><li> <a href="http://download.oracle.com/docs/cd/E17904_01/oim.1111/e13400/configoif.htm#BAJJDBHA">Configuration of OpenID IdP in OIF 11gR1 PS3 </a></li><br /><li><a href="http://download.oracle.com/docs/cd/E17904_01/oim.1111/e13400/configoif.htm#BAJGABBG"> Configuration of OpenID RP in OIF 11gR1 PS3</a></li></ul>Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-4723197811614723818.post-21996521816853479312011-01-18T08:31:00.000-08:002011-01-18T08:32:10.112-08:00OpenID 2.0 Supported by Oracle Identity Federation<a name="_Toc282771761"></a><a href="http://www.oracle.com/us/dm/63218-wwmk10035439mpp031c003-se-197429.html"> Mark Karlstrand </a>will be giving a free webinar tomorrow, Wednesday Jan. 19 at 10:00am PT or 1:00pm ET, on how to build a complete extranet security strategy. Part of the discussion will be on how to connect to the cloud securely. This is perfect timing because the <a href="http://www.oracle.com/us/products/middleware/identity-management/oracle-identity-federation/index.html">Oracle Identity Federation</a> product team just released a feature patch that allows them to now support OpenID 2.0. You can register <a href="https://www.sans.org/webcasts/extranet-security-5-steps-comprehensive-strategy-94133?utm_source=offsite&utm_medium=misc&utm_content=20110119_WC_Oracle_20110119_WC_Oracle_1&utm_campaign=Oracle_Webcast&ref=68178">here</a> for the webinar tomorrow. 
Below is a brief description of why this is important to companies that want to offer this service to their users.<br /><br />OIF supports both the Relying Party and OpenID Provider roles in accordance with the recent OpenID 2.0 specification. It enables organizations to start accepting OpenID from leading providers such as Yahoo and Google or to become an OpenID provider in a matter of hours. With OIF users can leverage their corporate identity at OpenID-enabled blogging sites and social networks, such as Facebook.<br /><br /><a href="http://nickwooler.files.wordpress.com/2011/01/clip_image002.jpg"><img class="alignleft size-medium wp-image-193" title="OpenID 2.0 Supported by OIF" src="http://nickwooler.files.wordpress.com/2011/01/clip_image002.jpg?w=300" alt="OIF supports OpenID 2.0" height="210" width="300" /></a><br /><br /><a name="_Toc282771762">Custom Actions</a><br /><br />OIF Custom Actions enable site-specific operations to be executed during federated authentication flows. This gives organizations additional flexibility to implement an authentication process that meets their specific security and business needs.<br /><br />Both Identity Providers and Service Providers can benefit from Custom Actions to streamline integrations and reduce application deployment time.<br /><br />For example, Custom Actions can be used by Identity Providers to dynamically generate additional user attributes, which are not stored in a directory or database. The generated attributes can then be added to an attribute statement and sent to a Service Provider. Service Providers can leverage Custom Actions to manipulate identity data received from the Identity Providers and prepare it for consumption by applications or homegrown security tools.<br /><br />Developing Custom Actions does not require extensive knowledge of federation protocols; they are simple J2EE modules. 
Once developed, a single Custom Action can be leveraged to customize authentication flows over any protocol supported by OIF.<br /><br />Hope you will join us tomorrow to discuss this great new feature in OIF.Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-4723197811614723818.post-79884815015488889442011-01-05T10:36:00.000-08:002011-01-20T10:43:53.781-08:002010 Identity Management In ReviewIt has been a busy year in Identity Management so I thought I would collect some of the major events that have impacted 2010. Security and Identity Management continue to be important drivers for organizations. I am not sure who exactly coined the term but security/identity management is definitely a "lifestyle" more than a product or release. The market and products continue to evolve to address top IT and consumer forces that are shaping security and business in 2010 and beyond. Here are just four of the key forces:<br /><ol><li>Cloud Computing</li> <li>Social Media</li> <li>Data Center Consolidation</li> <li>Mobile Devices and Workforce</li></ol>As a result, we had a very busy 2010 and made Identity Management an exciting segment of the IT market to work in. Here are just a few of the events that shaped my world:<br /><ol><li> Oracle and Sun join forces in Identity Management, Feb. 2010. <a href="http://www.oracle.com/us/products/middleware/identity-management/oracle-directory-services/index.html">Oracle Directory Services Enterprise Edition</a> and <a href="http://www.oracle.com/us/products/middleware/identity-management/oracle-identity-analytics/index.html">Oracle Identity Analytics</a> are strategic projects.</li><br /><li>Oracle Launches <a href="http://www.oracle.com/newsletters/samples/security-inside-out.html">Security Newsletter</a> with 22K initial readers, April 2010. The newsletter focuses on security news and products at Oracle.</li><br /><li>Oracle Identity Management at <a href="http://www.catalyst.burtongroup.com/Na10/CatLive.html">Burton Catalyst 2010</a>. 
This year's show was fantastic but a little different as it was the first Burton Catalyst under <a href="http://www.gartner.com/">Gartner</a>. It contained great insight into the evolution of the industry and with the other tracks on Cloud, Collaboration and Data Center Management it had something for everyone. The show is scheduled to run in 2011 so we look forward to seeing it evolve.</li><br /><li><a href="http://event.on24.com/event/15/02/99/rt/products-identity-management.html?eventid=150299&sessionid=1&partnerref=idm17&key=409AAB2E4D0C341FD02DC012B04173EB&param2=products-identity-management.html&eventuserid=41057341">Oracle Launches 11g for Identity Management</a>, July 2010. The launch included new features for the entire identity management platform and specifically for the following products: <a href="http://www.oracle.com/us/products/middleware/identity-management/oracle-access-manager/index.html">Oracle Access Manager</a>, <a href="http://www.oracle.com/us/products/middleware/identity-management/oracle-ada-access-mgr/index.html">Oracle Adaptive Access Manager</a> and <a href="http://www.oracle.com/us/products/middleware/identity-management/oracle-identity-manager/index.html">Oracle Identity Manager</a>.</li><br /><li><a href="http://www.oracle.com/us/products/middleware/identity-management/oracle-directory-services/index.html">Oracle Directory Services Enterprise Edition</a> and <a href="http://www.oracle.com/us/products/middleware/identity-management/oracle-access-manager/index.html">Oracle OpenSSO</a> complete new releases which include new branding.</li><br /><li>Launched a new blog focused on Identity Governance called Identity Expressions<br /></li><br /><li>Launched a new product in the Identity Governance category called <a href="http://www.oracle.com/us/products/middleware/identity-management/security-governor-healthcare-168615.html">Security Governor</a>. 
This product will help verticals like Healthcare take a holistic approach to security and identity.</li><br /><li><a href="http://www.oracle.com/us/openworld/062343.html">Oracle Open World</a> had over 25 sessions on Identity Management with over 200 people attending the <a href="http://www.eventreg.com/cc250/sessionDetail.jsp?SID=317241">Identity Management Keynote</a>.</li><br /><li>Oracle acquires <a href="http://www.oracle.com/us/corporate/press/176326">Passlogix</a>. After a very successful OEM relationship Oracle acquired Passlogix and continues to offer the <a href="http://www.oracle.com/us/products/middleware/identity-management/oracle-enterprise-sso/index.html">Enterprise Single Sign-on Suite</a> to its customers.</li></ol>2011 should be a great year and the start to a great new decade. I can predict one thing for sure. The Identity Management market will continue to evolve as new security challenges and new IT and consumer forces impact our solutions. Identities are key to any valuable transaction for business, consumers, partners, etc. Data is dumb when it is just data. When it is tied to an Identity it is much smarter and many, many times more valuable. Just ask Facebook, Google, etc. Identity Management is about putting people and business in control and if we make it easy for business and people to manage and implement then Identity Management will be critical to their<a href="https://identigov.wordpress.com/"></a> success.Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-4723197811614723818.post-74099645384013693512010-12-06T07:55:00.000-08:002010-12-06T07:56:18.856-08:00Kuppinger Cole Webcast on Access Management ApplianceIn case you missed it, Kuppinger Cole hosted a webinar with one of our partners, F5, on the value of their Access Management appliance called BigIP. BigIP helps organizations deploy access management solutions faster by reducing the number of agents that have to be deployed. 
This saves time and money when standing up a new access management solution or leveraging an existing solution for more of your applications within the enterprise.<br /><br />You can watch the webinar <a href="https://www.kuppingercole.com/watch/howto_access_management_scale" target="_blank">here</a>: <a href="https://www.kuppingercole.com/events/n40126"><img class="alignnone" title="Watch Now" src="https://www.kuppingercole.com/images/watch_en.jpg" alt="" height="24" width="79" /></a><br /><br /><strong>European Identity Conference</strong><br /><br /><a href="http://www.id-conf.com/eic2011"><strong><img class="alignleft" title="European Identity Conference" src="https://www.kuppingercole.com/images/eic11_square_banner.gif" alt="" height="89" width="112" /></strong></a>While you are on the KC site you should think about registering for the European Identity Conference in May. It will be just around the corner and getting international travel approved is never easy. It is a great conference!Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-4723197811614723818.post-51095332916570499122010-10-18T09:20:00.000-07:002010-10-18T09:22:02.604-07:00University Breach Raises Questions About Fraud Prevention<p>There are several news articles in today's press that remind us all of the damage and cost of not having the right security defenses in place. A study by the National Fraud Authority as reported in <a target="_blank" href="http://www.theregister.co.uk/">The Register</a> claims that the UK loses $4.13B to Identity Fraud each year. According to the report, the average theft results in $1530 in benefit to the thief. 
In these tough economic times, this is a dramatic drain on scarce resources and should underline why businesses should ensure they have the right fraud prevention and access management strategy in place to protect their customers.<br /></p> <p>The second article has to do with the recent breach at the <a href="http://www.computerworld.com/s/article/9191458/University_of_North_Florida_breach_exposes_data_on_107_000_individuals">University of North Florida</a>, which compromised over 100 thousand identities. Universities continue to struggle with identity security, with a number of breaches over the last 5 years which have hit the headlines. The University has unique challenges with the number of students/identities that turn over each year, quarter or semester. In some cases this is close to 25% per quarter or year. In addition, the students in some computer labs are inquisitive and experimenting with the latest hacks, challenging even the toughest security measures. Ask any Network Admin at a major university about application and network security and you will hear some amazing stories. In some cases, way more exciting than corporate network security. However, this is a side-topic for another blog entry sometime.<br /></p> The key to ensuring that you have the right level of protection is adding an additional layer of security and <a href="http://www.oracle.com/us/products/middleware/identity-management/oracle-ada-access-mgr/index.html">Oracle Adaptive Access Manager</a> is a great solution for this purpose. Ensuring you have tools that allow for real-time response to rules you define on access helps prevent unauthorized access to applications and network resources. In addition, you can use features like One-Time Password to layer authentication security on key resources to ensure you combine something you know with something you have to improve security. 
Here is a quick intro to how Oracle Adaptive Access Manager can help.<br /><br /><object id="flashObj" classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=9,0,47,0" height="322" width="486"><param name="movie" value="http://c.brightcove.com/services/viewer/federated_f9?isVid=1"><param name="bgcolor" value="#FFFFFF"><param name="flashVars" value="videoId=180367669001&playerID=1640183659&playerKey=AQ%2E%2E,AAAAAFcSbzI%2E,OkyYKKfkn3za9MF0qI3Ufg1AerdkqfR3&domain=embed&dynamicStreaming=true"><param name="base" value="http://admin.brightcove.com"><param name="seamlesstabbing" value="false"><param name="allowFullScreen" value="true"><param name="swLiveConnect" value="true"><param name="allowScriptAccess" value="always"><embed src="http://c.brightcove.com/services/viewer/federated_f9?isVid=1" bgcolor="#FFFFFF" flashvars="videoId=180367669001&playerID=1640183659&playerKey=AQ%2E%2E,AAAAAFcSbzI%2E,OkyYKKfkn3za9MF0qI3Ufg1AerdkqfR3&domain=embed&dynamicStreaming=true" base="http://admin.brightcove.com" name="flashObj" seamlesstabbing="false" type="application/x-shockwave-flash" allowfullscreen="true" swliveconnect="true" allowscriptaccess="always" pluginspage="http://www.macromedia.com/shockwave/download/index.cgi?P1_Prod_Version=ShockwaveFlash" height="322" width="486"></embed></object>Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-4723197811614723818.post-40301376976660584472010-10-01T14:32:00.000-07:002010-10-01T14:35:13.978-07:00Zeus Brought Down by Operation Trident Beach<p> </p> I am finally caught up after a great week last week at <a href="http://www.oracle.com/us/openworld/index.html">Oracle Open World</a>. And it was just in time to read about this great bit of international crime fighting bringing an end to an international cyber-crime ring using the <a href="http://en.wikipedia.org/wiki/Zeus_%28trojan_horse%29">Zeus Trojan</a> to steal allegedly $70M. 
Details are still coming out but according to this article by <a href="http://www.theregister.co.uk/">The Register</a> the crime ring was able to deploy Zeus and key-log individuals' bank accounts and then use "money mules" to access the accounts and make withdrawals illegally. One thing is for sure: you have to admire the naming capabilities of the team which came up with<a href="http://www.fbi.gov/pressrel/pressrel10/tridentbreach100110.htm"> "Operation Trident Beach"</a>, which shows marketing doesn't have a monopoly on naming talent. Here is a quick paragraph taken from The Register article (<a href="http://www.theregister.co.uk/2010/10/01/zeus_kingpin_arrest/">full text here</a>): <br /> <blockquote style="background-color: rgb(255, 255, 16);"> Trident Beach began in May 2009, when FBI agents in Omaha, Nebraska learned of automated clearing house batch payments to 46 separate bank accounts throughout the US. Agents eventually brought in counterparts from the other involved countries. The payments are a hallmark of Zeus scams, in which hackers break into victim bank accounts and then clean them out using the bank's ACH transfer system. <p>The thieves targeted small- to medium-sized companies, municipalities, churches, and individuals. </p> </blockquote> <p style="background-color: rgb(255, 255, 255);">I was talking with Mark Karlstrand, the Product Manager for Oracle Adaptive Access Manager, and he mentioned that the product has two critical features that would have prevented this from happening. According to Mark: "The KeyPad virtual authentication device could have prevented the password theft via key-logger. The use of the passwords from Eastern Europe and other behavior anomalies could have been detected by OAAM real-time risk analytics." As more details come out about the cyber-crime ring and Zeus we will bring you details. <br /></p> <p> </p>Unknownnoreply@blogger.com0