Oracle Identity Manager

<Insert Picture Here>
Identity Management 11g
What’s New, Features and Positioning
Rohit Gupta
VP, Product Management
Agenda
• Business Drivers
• Oracle’s Identity Management Strategy
<Insert Picture Here>
• Product and Roadmap Update
• 11g Components Review
•
•
•
•
Sun IdM Acquisition Update
Recent Customer Successes
Competitive Positioning and Objection Handling
Summary
Oracle Confidential – For Internal Use Only
Identity Management Business Drivers
Regulatory
Compliance
Reliable
Security
B2B
Collaboration
Operational
Efficiencies
User Experience
Oracle Confidential – For Internal Use Only
Identity Management 11g
Core Principles
ServiceOriented Security
Suite Wide
Integration
Entitlements
Centric
Hot-Pluggable
Oracle Confidential – For Internal Use Only
Oracle Identity Management 11g
Service-oriented Security
• “Identity as a Service”, declarative security framework
based on open Java and Web-services Standards
• Delivered through OPSS, services include
authentication, authorization, encryption, common
audit and logging etc.
• Comprehensive security for Fusion Middleware &
Fusion Applications
Oracle Confidential – For Internal Use Only
Oracle Identity Management 11g
Entitlements-centric Suite
Provisioning
Role
Management
Role Mining
• Common entitlements model for
authorization across the suite
Single
Sign-On
Web Services
Security
Entitlements
Rights
Management
Attestation
Audit
Reporting
Fraud
Management
Oracle Confidential – For Internal Use Only
SoD
Management
• Delegated administration
policies based on fine-grained
entitlements
• Risk-based authorization to
enable fraud prevention
• Exhaustive audit and
compliance reporting, based on
core entitlements defined and
managed centrally
Shared Services Based Architecture
• Unified Install and Config
• Intuitive, dynamic, user interface
• Shared Services for:
• Password Management
• Identity Administration
• Single Sign-On
• Strong Authentication
• Common Policy and Authorization
• Common Auditing/Reporting
• BPEL-based Workflow
Oracle Identity Management 11g
Hot Pluggable and Standards-based
• Leadership & Innovation
• Open-source efforts for Aris ID, OpenAz
• Interoperability & Adoption
• Enterprise & Internet identity standards
like SAML, SPML, XACML, OpenID,
Oauth, etc.
• Hot-Pluggable
• Across full range of Applications,
Middleware and Operating Systems
Oracle Confidential – For Internal Use Only
Supported and planned system configurations: http://idm.us.oracle.com  Release Info  Certifications
Oracle Identity Management
Oracle + Sun Combination
Identity Administration
Access Management*
Directory Services
Identity Manager
Access Manager
Adaptive Access Manager
Enterprise Single Sign-On
Identity Federation
Entitlements Server
Web Services Manager
Directory Server EE
Internet Directory
Virtual Directory
Identity & Access Governance
Identity Analytics
Oracle Platform Security Services
Operational Manageability
Management Pack For Identity Management
*Includes OpenSSO STS & Fedlet
Oracle Identity Management
Roadmap Timelines
July 2009
H2CY2010
February 2010
11gR1
Initial Sun Release
Internet Directory
Virtual Directory
Identity Federation
Web Services Manager
Platform Security Services
Directory Server EE
Identity Analytics
Oracle Waveset
Oracle OpenSSO
CY2011
11gR1+
Identity Manager
Access Manager
Adaptive Access
Manager
Authorization Policy
Manager
Hundred Day Release
Directory Server EE
Identity Analytics
Oracle Waveset
Oracle OpenSSO
Oracle Confidential – For Internal Use Only
11gR2
All Identity Management
products
Oracle Identity Manager
Provisioning and Identity Administration
• Integrated user and role
administration
Oracle Identity
Manager
Enterprise
Applications
• Internet-grade scalability
for extranet provisioning
• 10x Performance Gain
• New Attribute-based
Constrained Delegation
• Service-Oriented
• Flexible integration based on SPML
• Extensible workflow based on BPEL
Custom
Apps
GRANT or
REVOKE
Databases
and LDAP
Mainframes
Oracle Access Manager
New
Authentication and SSO
Applications
• Integrated Server and Agent Administration
• eCO-Grid, delivering high performance
Session Management
• SSO Security Zones scoped to individual
Application
• Inline diagnostics for superior manageability
• Support for OSSO Upgrades
Data
Services
Oracle Access
Manager
Oracle Adaptive Access Manager
Fraud Prevention
• Integrated Case Management & Fraud
Administration
Secure
Login
Oracle Adaptive
Access Manager
Risk Modeling
• OTP Anywhere across Interactive
Voice Response, SMS, Email etc.
• Universal Risk Snapshots for archival,
restoration, forensics and more
• AnswerLogic offers KBA in
combination with registration, answers
and fuzzy logic
Challenge
or Block
Analysis
and
Forensics
Oracle Identity Analytics 11g
Compliance and Identity Governance
Dashboard Risk
& Reports Analytics
IT Audit
Policy
Access
Certification
• Compliance Control Panel
• Extensive Set of Actionable Dashboards & Risk
Analytics
• Advanced Role Mining and Engineering
Oracle Identity Analytics
• Cert360 offers complete view of users, roles
and entitlements to reviewer for attestation
• Rich Identity Warehouse
• Optimized for Analysis, Mining, Correlation,
Reporting on Identity, Access and Policy Data
• Integrated with Oracle Identity Manager 11g
and 9.1, and Oracle Waveset
Access Manager
Identity
Warehouse
Identity
Warehouse
Identity Manager
Identity Data
Sources
Enterprise Applications
Sun IdM Acquisition Status
Review of IdM Acquisition
Old Name
New Name
Sun Directory Server Enterprise Edition
Oracle Directory Server Enterprise Edition
Sun Role Manager
Oracle Identity Analytics
Sun Identity Manager
Oracle Waveset
Sun OpenSSO Enterprise
Oracle OpenSSO
Strategic Products
Continue and Converge
Oracle Directory Server Enterprise
Edition & Oracle Internet Directory
N/A
Oracle Identity Manager
Oracle Waveset
Oracle Access Manager
Oracle OpenSSO
Oracle Identity Analytics
Oracle Role Manager
Sun to Oracle Identity Management
Migration Paths
Oracle Waveset
Oracle OpenSSO
Oracle OpenSSO
(Federation)
18
Oracle Identity Manager
11g
Oracle Access Manager
11g
Oracle Identity Federation
11g
Copyright © 2010, Oracle. All rights reserved
Strategic Guidance on OW
• Guidance on ways to continue with Oracle Waveset
• Where to safely invest, what to avoid, how to prepare
• Co-existence Strategy (ahead of Migration)
• Support a phased approach to migration
• OIM as back-office provisioning automation engine for new
(and eventually all) targets
• Migration Solution
• Oracle to provide migration solution (methodology,
automation tools, documentation) to migrate from Oracle
Waveset to Oracle Identity Manager
• Common Connector Strategy
• Leverage connector innovation in current Oracle Waveset
deployment
19
Copyright © 2010, Oracle. All rights reserved
Strategic Guidance on OpenSSO
• Phased approach to minimize impact during the
transition to OAM 11g
• Agent level compatibility
• Manual policy migration
• Automations, upgrade utilities projected for OAM 11g
• Target migrations from 7.x, 8.0
• Focus on simple use cases – Authentication and SSO
• Advanced use cases such as session failover or URL/J2EE
policy will be evaluated on a case by case basis
20
Copyright © 2010, Oracle. All rights reserved
OpenSSO – OIF 11g
• Customers using OpenSSO federation features may migrate to
OIF 11g
• SAML / WS-Federation / Liberty ID-FF
• OpenSSO Fedlet (certified, bundled with OIF 11g)
• Certain features are out of scope for OIF
• Liberty ID-WSF, SIS
• Migration utilities for standards-based flows
• Standard metadata import/export
• Custom processing will have to be re-implemented
• Some manual steps may be required for metadata and trust
21
Copyright © 2010, Oracle. All rights reserved
Business Landscape and
Positioning
Oracle’s IdM Business Momentum
2005
2010
• License Revenue
• No. of Products
> 1,300% growth
3
18
• No. of Customers
< 250
> 6,000
• Developers & PM.
< 60
> 500
• NA Consultants
<5
>100
• SI Partners
<5
> 70
Oracle Confidential – Do Not Distribute
Business Summary
Oracle Confidential – Do Not Distribute
Case Study – Exelon
OIM for Enterprise Provisioning & Identity Administration
Business Challenges
• NERC (North American Electric Reliability Corporation)
regulations were expanded in January 2010 due to homeland
security initiatives
• The new regulations resulted in additional reporting and
compliance requirements for energy providers, particularly
those generating nuclear power
Oracle Solution
Return On Investment
• Oracle Identity Manager for 22,000
users and Oracle Identity Analytics
chosen over CA and Courion
• OIM will allow employees to reduce
application access time from 15 days to
less than 4 hours
•Deploying in Sun Solaris Environment
• Reduced administrative costs through
user self service
• Accenture aligned with Oracle to
recommend us over CA
Oracle Confidential – For Internal Use Only
• Automated the certification process,
which will significantly reduce time and
money spent on this quarterly activity
Case Study – American Express
OIA for Compliance, Attestation, & Identity Governance
Business Challenges
• Manual certifications and multiple orphaned accounts
• Needed a central repository for who-has/had what access
• Business struggles with cryptic names for entitlements
Oracle Solution
• Oracle Identity Analytics with 200K
users, 5M accounts, 24M entitlements
and 6.5M glossary definitions
• Defined user access certifications
across 1400 applications
• Automated closed loop remediation by
integrating with provisioning
Oracle Confidential – For Internal Use Only
Return On Investment
• Removed 500K orphaned accounts
• Automated 13,000 access
certifications
• Successfully certified transfers to
ensure proper access
• Eliminated the disconnect between
business and IT in regards to glossary
definitions
Case Study – Lockheed Martin
Sun Subscription to Oracle Migration
Business Challenges
•Subscription Sun Identity Manager Licensee
•License term can run through, but not possible to renew
after that putting their future project plans at risk
•Lockheed is using a non-strategic technology (Sun Identity
Manager)
Oracle Solution
Return On Investment
•Oracle Identity Manager Perpetual Use
License
•Cancel Sun Subscription License
•Lockheed is now on the path to migrate
to the strategic technology and can plan
to do so in a non-rushed fashion
•Provide 24 months of right to use both
Sun and Oracle during the technical
migration process
Oracle Confidential – For Internal Use Only
IdM Competitive Summary: Suites
Suite Breadth
Access Mgmt
& Entitlements
Fraud Prev. &
Strong Authn
Identity
Administration
Directory
Services
Audit &
Compliance
Full IdM Comp Intell at http://my.oracle.com/compete and http://idm.us.oracle.com
Oracle Confidential – For Internal Use Only
Competing with IBM
Positioning Against IBM
What to Expect from IBM
• Product and Deployment Complexity
• A lot of FUD around Sun.
• Complex licensing model
• Solutions-based sales model, i.e., IBM
Global Services will bundle HW, SW, and
professional/managed services
• Competitive displacements, especially for
TIM/TAM. Use strong Oracle References.
• Audit and Compliance capabilities;
Sophistication in role management,
GRC/SoD integration
• Support for Fine-grained Authorization
and Entitlements
• IBM claims they are the market leader for
web access management
• Will highlight their strong integration
between Provisioning and SIEM (Security
Information and Event Management).
• Strategic relationships at the CXO levels
• Depth and Breadth of IdM integration with
Oracle Ebusiness Suite, PeopleSoft,
Siebel and SAP
In Depth IBM Comp Intell - http://my.oracle.com/portal/page/myo/compete/master_ci/ibm_tivoli
Oracle Confidential – For Internal Use Only
A new breed of competition
• Most visible OIA Competitor
• They message around ease
of use, simplicity, and cost
effectiveness
• We need to message around
completeness of stack, deep
investment in this space, tight
integration with OIM, and
ability to do complex role
management and rule
lifecycle management
• Question their product’s
ability to scale
• Click SailPoint logo for more
detailed comp intell and
positioning points
Oracle Confidential – For Internal Use Only
• Directory Services
Competitor
• They message around next
generation IdM infrastructure
and ability to scale
• We need to message around
completeness of stack
including the top directory
services platform used in
numerous highly distributed,
scaled, and mission critical
instances
• Question their company’s
ability to scale to support
large customer deployments
• Commercial support for
former “Sun” Open Source
• They message around the
virtues of Open Source
technology and their ability to
enhance and support the
products
• We need to message around
the best parts of Sun IdM
merging with Oracle IdM to
deliver the leading next
generation IdM technologies
• Clarify that Oracle is
supporting commercial
licensees of OpenSSO and
offers license and technical
migrations to Oracle
• Question their ability to
support all of the
technologies they are taking
on