
Copyright 2006, Oracle. All rights reserved.

Introduction to Oracle Identity and Access Management
Objectives
After completing this lesson, you should be able to describe the following:
- Benefits of identity management
- Identity management concepts and terminology
- Oracle Identity and Access Management Suite components
Enterprise Identity Management
[Diagram labels: Supply chain; Security administrators; Directory; Access control; Provisioning; User admin; Employees; Service provider; Customers; Auditing compliance; Self-service; Federation; Web Services Security]
What Is Identity Management?
Identity management (IM) is a system of business processes, policies, and technologies that:
- Facilitate and control user access to online applications and resources
- Protect confidential and personal information from unauthorized users

Identity management solutions represent a category of interrelated solutions that are used to administer:
- User authentication, account profiles, and passwords
- Access rights and restrictions
- Other attributes that support user roles and profiles on one or more applications or systems
Benefits of Identity Management
Identity management technologies can provide benefits in the following areas:
- Reduction of security risks
- Improved end-user experience
- Regulatory compliance
- Business agility
- Cost containment
Identity Management: Terminology
- Identity management policies
- Authorization policies
- Policy decision services
- Identity management realms
- Centralized assertion services
- Identity policy assertion services
- Identity
- Entitlements
- Authentication
- Authorization
- Identity database
- Security principals
- Identity provisioning
- Account provisioning
- Identity administration

Identity Management Functionality
Identity management products provide the following types of functionality:
- Web Services Security
- Directory Services
- Federation
- Provisioning
- Access Management
- Identity Administration
Overview of Oracle Identity and Access Management Suite
[Diagram of suite components:]
- Oracle Internet Directory
- Oracle Virtual Directory
- Oracle Access Manager
- Oracle Identity Federation
- Oracle Identity Manager
- Oracle Application Server Single Sign-On
- Oracle Web Services Manager
Oracle Product Functionality Matrix
This table summarizes the identity management functions that are provided by Oracle Identity and Access Management components.

Functionality                              Component
-----------------------------------------  ---------------------------------
Directory Services                         Oracle Internet Directory
                                           Oracle Virtual Directory
Identity Administration and Provisioning   Oracle Access Manager
                                           Oracle Identity Manager
Access Management                          Oracle Access Manager
                                           OracleAS Single Sign-On
Federation                                 Oracle Identity Federation
                                           Oracle Web Services Manager
Web Service Security                       Oracle Web Services Manager
Directory Services
The directory services are provided by:
- Oracle Internet Directory and Oracle Directory Integration Platform
- Oracle Virtual Directory
Oracle Internet Directory
Oracle Internet Directory:
- Is an LDAP directory that is implemented in an Oracle database
- Serves as the central repository for identity and access management
- Is a key component of:
  - OracleAS Portal
  - Oracle E-Business Suite
  - Oracle Collaboration Suite
Oracle Directory Integration Platform
Oracle Directory Integration Platform is designed to
synchronize identity data across compatible Oracle
products.
It can be used for synchronizing data between Oracle
Internet Directory and other LDAP directories.
The application integration feature enables automatic
notification of identity entry changes to the target
applications.
Oracle Virtual Directory
Oracle Virtual Directory:
- Enables real-time data joins from multiple locations and presents data as a single logical directory (known as the metadata directory)
- Can provide an application-specific view of identity data
- Enables integration of identity data without:
  - Changes to existing directories
  - Need for synchronizing data between directories
Identity Administration and Provisioning
The Oracle Identity Management product set comprises Oracle Identity Manager and Oracle Delegated Administration Services. This set addresses automation of identity provisioning, compliance, and enforcement of policies.
Oracle Identity Manager
- Oracle Identity Manager enables you to automate user identity provisioning and deprovisioning.
- Identity provisioning also helps reduce administration costs.
- Oracle Identity Manager provides attestation support.
- Attestation also enables automation of delegation, tracking, archiving, and auditing of access.
Oracle Delegated Administration Services
Oracle Delegated Administration Services are part of
Oracle Internet Directory.
It has administrative interfaces for Oracle products
such as OracleAS Portal, Oracle Collaboration Suite,
Oracle Database Security Manager, and Oracle
E-Business Suite.
It has a self-service console that enables end users and
application administrators to search and manage data
in Oracle Internet Directory.
Access Management
Access management enables enterprises to design and implement authentication and authorization.
Access management products include:
- Oracle Access Manager
- Oracle Identity Federation
- OracleAS Single Sign-On

Oracle Access Manager
Oracle Access Manager:
- Provides Web-based identity and access administration
- Can be used to administer user identities in a number of directory repositories
- Supports popular authentication methods
Oracle Application Server Single Sign-On
OracleAS Single Sign-On:
- Provides a single sign-on and sign-off facility for Oracle and third-party Web applications
- Provides a lightweight authentication solution for Oracle products such as Oracle Portal and Oracle Collaboration Suite
- Can also be used to authenticate identities in other repositories, such as Active Directory
Oracle Identity Federation
Oracle Identity Federation:
- Combines the ease of a stand-alone application with a scalable, standards-based interoperable architecture
- Helps corporations securely link their operations with partners
Oracle Application Server Infrastructure: Components
Oracle Application Server Infrastructure comprises the identity and access management products:
- Oracle Internet Directory
- Oracle Directory Integration Platform
- Oracle Application Server Single Sign-On
- Oracle Delegated Administration Services
Summary
In this lesson, you should have learned to describe the following:
- Benefits of identity management
- Identity management concepts and terminology
- Oracle Identity and Access Management Suite components
