Oracle Centralizes Authentication
Oracle Identity Management, which is part of Oracles 10g database and application server offering due by years end, brings together a lot of components that previously were scattered across Oracles offerings.
Central is an LDAP directory, Web single sign-on capabilities, and an authority for issuing PKI certificates. OIM also includes APIs for connecting to other authentication services from third parties. All the applications in Oracles enterprise software suite work with OIM out of the box, officials said.
In addition to enhancing security of the entire IT infrastructure, a major goal of OIM is to reduce operations costs by making it simpler for DBAs and end users to use that infrastructure, said officials, in Redwood Shores, Calif.
For the administrator, OIM provides a centralized directory to manage user authentication and access rights.
"The idea is to take the drudgery out of the things [a DBA does]," said Mary Ann Davidson, Oracles chief security officer. "Do you really want to go around [to multiple applications and databases] and delete all these privileges every time a person leaves the company?"
Taking the drudgery out of administrative tasks also saves money by making DBAs more productive, Oracle officials claimed. They cited a study from the Meta Group Inc. that said automating password administration can save $648,000 a year for a company with 1,000 employees.
"You get an awful lot of bang by reducing the number of signons," Davidson said.
Oracle has formed partnerships with security and directory software makers like Netegrity Inc. and Oblix Inc. that eases integration of their products into OIM, officials said. OIM also features easy integration with Microsofts Active Directory and Windows operating system, officials said. This enables enterprises to use either Active Directory or the Oracle Directory in OIM to operate as the master directory.
OIM, like the rest of Oracle 10g, is well suited for grid computing where users and systems can be spread all over the map, Davidson said.
"Identity Management is not just about identifying users, its also about authentication of services," Davidson said. "Privileges can be inhered by a resource so that if it is authenticated in one place [another system on the grid] doesnt have to do a second lookup."