OIM Centralizes Authentication

By John S. McCright  |  Posted 2003-10-27

Oracle Corp. has rolled out a security infrastructure that bundles new and existing authentication offerings into the 10g database and application server.

OIM (Oracle Identity Management), due by year's end, brings together components that previously were scattered across Oracle's offerings.

Featured are an LDAP directory, Web single-sign-on capabilities and an authority for issuing public-key infrastructure certificates. OIM also includes APIs for connecting to other authentication services from third parties. All the applications in Oracle's enterprise software suite work with OIM out of the box, officials said.

In addition to enhancing security of the entire IT infrastructure, a major goal of OIM is to reduce operations costs by making it simpler for database administrators and users to use that infrastructure, said officials for the Redwood Shores, Calif., company.

For the administrator, OIM provides a centralized directory to manage user authentication and access rights.

"The idea is to take the drudgery out of the things [a DBA does]," said Mary Ann Davidson, Oracle's chief security officer. "Do you really want to go around [to multiple applications and databases] and delete all these privileges every time a person leaves the company?"

Taking the drudgery out of administrative tasks also saves money by making DBAs more productive, Oracle officials claimed. They cited a study from Meta Group Inc., of Stamford, Conn., that reported automating password administration can save $648,000 a year for a company with 1,000 employees. "You get an awful lot of bang by reducing the number of sign-ons," Davidson said.

Oracle has formed partnerships with security and directory software makers, such as Netegrity Inc. and Oblix Inc., that ease integration of their products into OIM, officials said. OIM also features easy integration with Microsoft Corp.'s Active Directory and Windows operating system, officials said. This enables enterprises to use either Active Directory or the Oracle Directory in OIM as the master directory.
