Update Product Management

Christian Patrascu, Principal Product Manager, Oracle Corp.


Post on 01-Sep-2018



Page 2:

The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.

Page 3:

Agenda

• Overview Oracle I&AM
• Oracle I&AM – Roadmap

Page 4:

Oracle Security Inside Out

Identity Management
• Identity-as-a-Service
• User Provisioning & Role Management
• Identity and Access Governance
• Access Management
• Directory Services

Database Security
• Encryption and Masking
• Privileged User Controls
• Multi-Factor Authorization
• Activity Monitoring and Audit
• Secure Configuration

Infrastructure Security
• Microelectronics
• Operating Systems
• Virtualization and Hypervisors
• Storage and Networking

Page 5:

Oracle’s I&AM Business Momentum

(2005 compared with 2011)
• License Revenue: > 1500% growth
• No. of Products: 3 (2005), 18 (2011)
• No. of Customers: < 250 (2005), > 7,000 (2011)
• Developers & PM: < 60 (2005), > 650 (2011)
• SI Partners: < 5 (2005), > 120 (2011)
• Analyst Evaluation: Niche Player (2005), Suite Leader (2011)

Page 6:

Oracle End to End Security with 11G

[Diagram. User groups: Internal Users; External Users (Economy, Citizens); Partners / Suppliers or local authorities. Security functions: Web Service Security; Access Control; Fraud D. & Strong Auth.; Entitlement Management; Information Rights Management; Data; Directory Service; Id. Synchronization; Provisioning & Role Mgt.; Federation; Audit, Compliance & SOD]

Page 7:

Oracle End to End Security with 11G

[Diagram: the same user groups and security functions as on the previous slide, overlaid with product names: Oracle Web Service Manager; Oracle Access Manager; Oracle Enterprise Single Sign On; Oracle Adaptive Access Manager; Oracle Entitlements Server; Information Rights Manager; Oracle DB Vault & Audit; Oracle Adv. Security; Oracle DB Firewall; Enterprise User Security; Oracle Identity Manager; Oracle Identity Analytics; Oracle Directory Server EE; Oracle Internet Directory; Oracle Virtual Directory; Oracle Identity Federation]

Page 8:

Oracle Identity Management 11G
Comprehensive and Best-of-Breed

Access Management *
• Access Manager
• Adaptive Access Manager
• Enterprise Single Sign-On
• Entitlements Server
• Identity Federation
• Information Rights Management
• Web Services Manager

Identity Administration
• Identity Manager

Directory Services
• Directory Server EE
• Internet Directory
• Virtual Directory

Identity & Access Governance
• Identity Analytics
• Security Governor

Operational Manageability
• Management Pack For Identity Management

Oracle Platform Security Services

*Access Management includes Oracle OpenSSO STS and Oracle OpenSSO Fedlet

Page 9:

Oracle Identity Management 11g
Key Design Themes

• Integrated Suite
• Hot-Pluggability & Open Standards
• Service-Oriented Security

Page 10:

Oracle Identity Management 11g
Complete and Integrated Suite

• Unified and Modern Web 2.0 based Admin Interface
• Unified Installation and Configuration
• Common Auditing and Logging
• Shared Services for:
– Password Management
– Identity Administration
– Single Sign-On
– Entitlements Management

[Diagram labels: Unified Administration; Identity Administration; Directory Services; Access Mgmt; Services]

Page 11:

Agenda

• Overview Oracle I&AM
• Oracle I&AM – Roadmap

Page 12:

I&AM Roadmap

Releases: 11G R1 PS1 (Q2 2011), 11G R1 PS2 (H2 CY 2011), 12G (11G R2) (CY 2012)

OAM
• 11G R1 PS1: Ext. Framew.: Write own AuthN plugins; Impersonation; Pure Java ASDK; OSTS Integration; BUGs / ERs
• 11G R1 PS2: openSSO proxy; Websphere Support; Multiple Id. Store; BUGs / ERs
• 12G (11G R2): 10G Feature Parity; Automated Upgrade scripts from 10.1.4.3; Identity Services Framework with SSI

OIM
• 11G R1 PS1: Common Identity Framework; libOVD; Provlets; Upgrade 9.1.x
• 11G R1 PS2: Websphere Support; Multi LDAP Support; BUGs / ERs
• 12G (11G R2): SIM Feature Parity; Identity Services Framework with SSI; Cloud Features

Copyright @ 2011, Oracle. All rights reserved

Page 13:

IAM as a Cloud

• Use Cases / Customer Segments
– Needs IAM Service without considering in-house deployment
– Externalize certain functions of IAM
– Service Providers that want to offer IAM as a business service

• Functions / Key Business Requirements
– Self Service and Delegated Admin for Clients
– Federated Auth and Provisioning, SSO, Strong Auth
– Compliance, Analytics

• Key Technical Requirements
– Multi-tenant architecture across IAM stack
– MSP to Tenant integration architecture (fedlet/provlet/etc)
– “Identity as a Service”

[Diagram labels: Client 1; Client 2; MSP; Oracle IAM; IAM; Apps]

Page 14:

IAM as a Cloud

• Use Cases / Customer Segments
– Needs IAM Service without considering in-house deployment
– Externalize certain functions of IAM
– Service Providers that want to offer IAM as a business service

• Examples:
- Telenor (in-house, Identity Admin)
- BT (external offering, Access Management)

[Diagram labels: Client 1; Client 2; MSP; Oracle IAM; IAM; Apps]

Page 15:

Identity as a Service
BT Managed Fraud Reduction Services

Phase I:

[Diagram labels: End user; Customer App; ID Verification Service; Discrete BT Services]

Page 16:

Identity as a Service
BT Managed Fraud Reduction Services

Phase II A:

[Diagram labels: End user; Customer App; ID Verification Service; Fraud Prevention; BT Managed Fraud Reduction Services]

Page 17:

Identity as a Service
BT Managed Fraud Reduction Services

Phase II B:

[Diagram labels: End user; Customer App; OSB; ID Verification Service; Fraud Prevention; BT Managed Fraud Reduction Services]

Page 18:

Identity as a Service
BT Managed Fraud Reduction Services

Phase III:

Page 19:

Identity as a Service
BT Managed Fraud Reduction Services

Parameters of real-time “risk-score calculation”:

Origin of transaction, e.g. registration from a blacklisted country or entity

Multiple registrations from same device

Location, e.g. user transacting from a new device

Previous behaviour:

• Impossible travel: 5 minutes ago Frankfurt; now Munich

• Unusual activity, e.g. user normally makes small payments to a consistent set of payees but now is about to transfer entire balance to a just-created payee

• Cross-channel fraud, e.g. contact details changed via call centre immediately before unusual web transaction
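
How several of the parameters above (blacklisted origin, multiple registrations per device, new device, impossible travel) can be turned into checks, as an added example that is not part of the slides and not BT's or Oracle's implementation. The Event fields, thresholds, weights, the "XX" blacklist entry and the sample events are all assumptions constructed for illustration.

```python
from dataclasses import dataclass
from math import radians, sin, cos, asin, sqrt

MAX_KMH = 900.0               # assumed ceiling, roughly airliner speed
MIN_KM = 50.0                 # assumed: ignore small geolocation jitter
BLOCKED_COUNTRIES = {"XX"}    # placeholder blacklist entry
MAX_REGS_PER_DEVICE = 2       # assumed threshold
WEIGHTS = {"blacklisted_origin": 40, "multiple_registrations_same_device": 25,
           "new_device": 15, "impossible_travel": 40}   # assumed weights

@dataclass
class Event:
    user: str
    ts: float      # seconds since epoch
    lat: float
    lon: float
    device: str
    country: str

def km_between(a, b):
    """Great-circle (haversine) distance between two events, in km."""
    dlat, dlon = radians(b.lat - a.lat), radians(b.lon - a.lon)
    h = sin(dlat / 2) ** 2 + cos(radians(a.lat)) * cos(radians(b.lat)) * sin(dlon / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(h))

def risk_signals(prev, cur, known_devices, regs_per_device):
    """Signals that fire for `cur`; `prev` is the user's last event or None."""
    signals = []
    if cur.country in BLOCKED_COUNTRIES:
        signals.append("blacklisted_origin")
    if regs_per_device.get(cur.device, 0) > MAX_REGS_PER_DEVICE:
        signals.append("multiple_registrations_same_device")
    if cur.device not in known_devices.get(cur.user, set()):
        signals.append("new_device")
    if prev is not None:
        hours = (cur.ts - prev.ts) / 3600.0
        dist = km_between(prev, cur)
        # Zero or negative elapsed time with real displacement is also impossible.
        if dist > MIN_KM and (hours <= 0 or dist / hours > MAX_KMH):
            signals.append("impossible_travel")
    return signals

def risk_score(signals):
    """Sum the assumed weights, capped at 100."""
    return min(100, sum(WEIGHTS[s] for s in signals))

# Constructed events mirroring the slide: Frankfurt, then Munich 5 minutes later.
FRANKFURT = Event("alice", 0, 50.1109, 8.6821, "dev-1", "DE")
MUNICH = Event("alice", 300, 48.1351, 11.5820, "dev-2", "DE")
```

Unusual activity and cross-channel fraud need per-user payment baselines and call-centre events, which this example leaves out.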

Page 20:

Identity Services Framework with SSI

[Diagram comparing 10gR3, 11g and 12g. Labels: OAM (AuthN, AuthZ, Audit); OIM (Provisioning, Reconciliation, Connectors, Delegated Admin, Self Service, Workflow); SSI; WS or API; BPEL; Identity Admin; Role Admin; Fusion Applications; Other Applications]

Page 21:

Oracle IdM Suite 12G
Summary

Strategic Focus areas:
• Enterprise-class multi-tenancy architecture, to support Cloud
• Realize the vision of the Identity Services Framework
• Shared identity context across distributed system layers

Tactical Focus areas:
• Common Identity Connector Framework (PS1)
• Coexistence Scenarios for AM & IdAdmin (PS2)
• Cloud – Part 1 (Provlets) (PS2)
• OW / SIM / openSSO Feature Parity & Migrations
• Complete functional & architectural integration of enhanced identity stack

Page 22:

Analyst & Market Recognition 2009 & 2110
