
- Number of slides: 25
Oracle Identity and Access Management Suite • Rafael Torres, Sr. Solutions Architect • rafael.torres@oracle.com
Identity Management Business Value “Identity management projects are much more than technology implementations — they drive real business value by reducing direct costs, improving operational efficiency and enabling regulatory compliance.”
Business Challenges • Trusted and Reliable Security • Efficient Adherence to Compliance • Lower Administrative and Development Costs • Enable Online Business Networks • Better End-User Experience
Regulatory Compliance • Privacy & Security Regulations: Safe Harbor laws (EU & others); Gramm Leach Bliley Act (GLB-Act); US Patriot Act; HIPAA; US Homeland Security Policy Directive (HSPD-12) • Financial & Market Regulations: SOX (Sarbanes-Oxley or SarbOx); Japanese SOX (expected in 2008); Basel II; UK Companies Act
Oracle Differentiators ✓ Most Comprehensive, Best-In-Class Suite ✓ Hot-pluggable and Open ✓ Application Centric Identity Management
Oracle Identity Management: Best-of-breed, Complete & Differentiated Portfolio • Faster ROI • Higher Quality • Lower Risk [Comparison table. Vendors compared: Oracle, Sun, CA, HP, IBM, NOVL, BMC. Areas: Federation, Web Access Mgmt, Web Svcs Security, ESSO, Del Admin, Pwd. Mgmt., Provisioning, Ent. Role Mgmt, Meta, AuthN/PKI, Virtual Dir. Oracle products listed: Oracle Identity Federation, Oracle Access Manager, Oracle Web Services Manager, Oracle Enterprise Single Sign-On, Oracle Identity Manager, Oracle SmartRoles (TBA), Directory Integration Platform, Oracle Certificate Authority, Oracle Virtual Directory, Oracle Internet Directory. P = Partnership]
Hot-pluggable, Heterogeneous Support • Portals • Application/Web Servers • Applications • Groupware • Directories • Operating Systems • ACF-2 & TSS • RACF
Application-Centric Identity Management • Comprehensive, loosely coupled, out-of-the-box integrations with business applications • An integral component of a wider application development and deployment framework • Architected for future SOA application environment • Identity management as a re-usable service for all applications
Oracle Identity and Access Management Suite Overview
Key Areas of Identity Management • Access Control: Single Sign-On; Identity Federation; Web Access Control; Web Services Security* • Identity Administration: User, Role Management; User Provisioning • Identity Infrastructure: Virtual Directory; Directory. *Oracle Web Services Manager licensed separately from the Identity and Access Management Suite
Enterprise Identity Management [Architecture diagram labels: External • SOA Applications • Internal • Delegated Admin • Customers • Partners • IT Staff • Employees • SOA Applications] Identity Management Service • Access Management: Authentication & SSO; Authorization & RBAC; Identity Federation • Identity Administration: Delegated Administration; Self-Registration & Self-Service; User & Group Management • Auditing and Reporting • Monitoring and Management • Policy and Workflow • Directory Services: LDAP Directory; Meta-Directory; Virtual Directory • Identity Provisioning: Agent-based; Agentless; Password Synchronization [Targets: Applications • Systems & Repositories • ERP • CRM • OS (Unix) • HR • Mainframe • NOS/Directories]
Oracle Identity Manager • Features: Automated user provisioning and de-provisioning; Rich, flexible connector framework; User-friendly request & policy wizards; Sophisticated workflow & reconciliation engines; Unique compliance automation & reporting • Benefits: Reduced administration cost; Improved end user experience; Critical for regulatory compliance; Improved security • Differentiators: Enables compliance via comprehensive audit history and periodic attestation framework; Powers largest global provisioning implementation by number of targets; Adapter Factory significantly lowers the TCO of customers’ solutions over time [Diagram labels: HRMS; User created or removed in HR system; Workflow; Assign or revoke roles, privileges; Application Driven Identity; Business System Applications; Provision accounts and access rights]
Oracle Identity Federation • Features: Identity and trust sharing across business partners, both as Service Provider (Hub) or Identity Provider (Spoke); Lightweight, multi-protocol gateway – SAML, Liberty, WS-Federation; Integrates with leading Identity Management platforms • Benefits: Reduced cost of interaction between business partners; Reduce administration cost; Deliver improved end user experience • Differentiators: Self-contained, easy to deploy solution; Flexible deployment configurations; Rich, 100% web-based configuration interfaces for improved administrator and end user experience; Proven scalability - large production deployments
Oracle Internet Directory • Features: Full feature LDAP server with a RDBMS data-store; Industry leading scalability and HA capabilities; Strong Oracle Platform integration; VSLDAP certified and EAL 4 compliant • Benefits: Reduced operational cost with Oracle Grid support; Seamless integration with Oracle Applications and Products • Differentiators: RDBMS backend provides proven scalability & performance; Rich, built in auditing of all events and operations; Flexible data replication and redundancy features; Ships with built-in directory integration functionality
Oracle Virtual Directory • Features: Virtualization, Proxy, Join & Routing capabilities; Modern Java & Web Services technology; Superior extensibility; Scalable multi-site administration; Direct data access • Benefits: Perform Real-time directory integration; Accelerate application deployment; Lower development costs • Differentiators: Lightweight & flexible architecture; Supports true virtualization without local cache, enabling stringent policy or privacy requirements; Modular architecture supports the addition of connectors to a wide array of identity stores [Diagram labels: LDAP; WEB SERVICES; WEB GATEWAY; VDE DIRECTORY ENGINE; JOIN VIEW; Local Store; LDAP; DB; NT; Custom]
Oracle Access Manager • Features: Multi-level, multi-factor authentication; Web and App server level authorization; Workflow driven Self-service & Delegated administration; Services-based architecture eases integration with existing IT infrastructure • Benefits: Policy-based access management; Centralized and consistent security across heterogeneous environments; Reduced administration cost; Increased IT governance and compliance readiness • Differentiators: Administrative scalability via workflow and delegation; Access control leverages up to date identity information; Comprehensive auditing to a common database [Diagram labels: Authentication; Authorization; Identity Admin]
Oracle Enterprise Single Sign-on (ESSO) Suite • Oracle ESSO Logon Manager is an event-driven single sign-on solution that eliminates the need for end users to remember and manage their sign-on credentials • Oracle ESSO Password Reset enables end users to reset their Windows password from a locked workstation (note: also available stand-alone) • Oracle ESSO Authentication Manager enables end users to authenticate with forms of strong authentication and grant specific levels of access based on the form of authentication • Oracle ESSO Provisioning Gateway enables OIM to add, edit and delete credentials within an end user’s Oracle ESSO credential store • Oracle ESSO Kiosk Manager provides fast user switching and sign-on/sign-off support for kiosk users
Oracle Identity and Access Management Suite Case Studies
Case Study – Manitoba Telecom Services • BUSINESS CHALLENGE • Needed to integrate and rapidly deploy new and old services (Internet, mobile, TV, content, local phone, and long distance phone) • Needed to provide head of household ability to manage accounts and privileges for self and other members of household • Wanted to base new services on telecommunication standards-based framework: IP Multi-media Subsystem (IMS) • Wanted comprehensive technology to address internal users, external households, and both providers and consumers of MTS services • ORACLE SOLUTION • Oracle Identity and Access Management Suite • Oracle Access Manager for Single Sign-On and Delegated Administration to head of household • Oracle Identity Federation for providing system access to providers and consumers of MTS services • Oracle Internet Directory to provide robust directory solution built on top of Oracle database • Oracle Identity Manager (with 11 connectors) to provision employees to internal systems • RESULTS • Initial deployment for Internet, TV, and Mobile customers • Planned to include VOIP Users and MTS supported ISP subscribers • Enables MTS to be competitive in a very competitive marketplace for telecom and multi-media content services
Case Study – Scottish Government • BUSINESS CHALLENGE • Fragmented customer records and no single source of Citizen info across Scottish Govt. • Need to integrate to the UK Government Gateway so that users can access the Citizen Account (single, electronic customer record) • ORACLE SOLUTION • The Scottish Govt. National Infrastructure Project selected Oracle Identity and Access Management Suite, beating out Software AG • Suite will integrate UK Govt. Gateway • Working with Sopra, Newell and Budge as the prime contract provider • RESULTS • IAM will authenticate Citizens and Govt. employees when they access the system either via the Council Website where they live (one of the 32 Local Authorities), the UK Government Gateway or the Central Portal site where the Citizen Account will be running • Plan to provide a source of truth that will potentially update Govt. records and provide a better service to the 5M Citizens of Scotland where they can change personal details only once across multiple agencies as well as enroll for entitlements
Problem: • Number one identified problem by USPS employees: too many passwords • Very large scale environment: 3 million users with over 155,000 knowledge workers • Thousands of known applications, many beyond central IT reach • Very limited IT staff to implement and maintain • CTO wanted a solution that could be fully deployed in less than a year Solution: • Evaluated 7 different SSO vendors, selected v-GO SSO • 155,000 users deployed in less than 8 months • Over 7,000 applications enabled • Helpdesk password calls dropped from >1,000 per day to an average of 10 per day • Saved over $4 million per year “Passlogix was instrumental in helping the USPS solve its most critical end user problem – forgotten passwords – and solve it quickly.” Bob Otto, CTO
Analyst Endorsements • Leader in User Provisioning! Gartner, April 2006 “[Oracle] has amassed a very strong management team and IAM technology portfolio … Its IAM road map looks the best of all vendors.”
More Analyst Endorsements “Oracle’s offering of IAM products now pushes ahead of other IAM competitors such as BMC, Computer Associates International, Hewlett-Packard, IBM, Microsoft, Novell and Sun Microsystems” - Roberta Witty, Gartner (Nov 2005) “Oracle's acquisition of Thor and OctetString is a good move. These acquisitions coupled with Oracle's unique application top down approach to Identity Management will send ripples through the industry.” - Mike Neuenschwander, Burton Group (Nov 2005) “Oracle has an advantage and early lead with its top down application strategy that is aligned with customer needs.” - Christiansen, IDC (Nov 2005)
Learn More • Learn the Technology: Visit oracle.com/identity to view whitepapers, buyer’s guides, and webinars • Try the Software: Visit OTN at otn.oracle.com to download software and get technical information • Ask Our Experts: Call 1-800-438-0626 to speak with an Identity Management specialist
Q & A