con8837 leverage authorization to monetize content and media subscriptions - final
DESCRIPTION
Roger Wigenstam's OOW2013 presentation
TRANSCRIPT
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
Leverage Authorization to Monetize Content and Media Subscriptions
Roger Wigenstam
Sr. Director, Product Management
Oracle Identity & Access Management
The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.
Program Agenda
Oracle Entitlements Server : Overview
Customer Case Studies
Demo
Oracle Entitlements Server
Overview
Oracle Entitlements Server
Oracle’s Strategic Authorization Solution
Embedded & Integrated
In all things Oracle
– Over 50 products now using
– Many more in progress
With popular 3rd party platforms
Used by 1000’s of customers
Oracle Entitlements Server
What is it?
Fine grained Authorization
• Standards based
• High performance
• Extreme scale
• Multi Data Center support
• Many Deployment options
Authorization Use Cases
Oracle Entitlements Server
Fine grained authorization for Web Applications & Portals
Control Access to
• Pages
• Tabs
• Portlets / Regions
• Tables
• Text Fields
• Buttons
• Tree Nodes
• Graphics / Charts
• Dropdowns / List Items / List of Values
• What data do you get to see (documents, in tables, charts etc)
• Data Masking
• Operations on Data (hire, promote, approve, reject)
• Backend Data & Web Service operations
• Personalization / Customization
• and more…
Oracle Entitlements Server
Data Security
Query “My” Employees
123  John Smith  $125K  123-456-7890
129  Bob Black   $110K  123-111-2222
143  Sam Fisher  $100K  123-333-4444
Query Employees
isAuthorized(user = Bob Smith,
             userRole = Product Director,
             resource = Employees Table,
             action = View)
HCM_Employees
HCM_Organizations
HCM_Jobs
HCM_Positions
authzResult = Permit
Obligations = [ SECURITY_FILTER | “MANAGER_ID = :CURRENT_USER” ]
Employees
Organizations
Jobs
select EMP_ID, NAME, SALARY, PHONE
from HCM_EMPLOYEES
where MANAGER_ID = :CURRENT_USER
ID   Name        Salary    Phone         Actions
123  John Smith  $125K     123-456-7890  Promote, Transfer
129  Bob Black   ********  123-111-2222  Transfer
143  Sam Fisher  $100K     123-333-4444  Promote, Transfer
Application level enforcement for Oracle & 3rd party RDBMS
• OES returns an “Obligation” with the security filter (SQL where clause)
• Object, Row, and Attribute level security
• CRUD & Business Operations
• High performance & scalability
Oracle Entitlements Server
OES PDP
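The enforcement flow on the Data Security slide, as an added example that is not from the presentation and is not Oracle code. The `is_authorized` stub, the `MASK_SALARY_FOR` obligation name, the user ids and the sample rows are assumptions made for illustration; only `SECURITY_FILTER` and its predicate come from the slide.

```python
import sqlite3

# Constructed sample rows modelled on the slide; MANAGER_ID values are made up.
ROWS = [(123, "John Smith", "$125K", "123-456-7890", "bob.smith"),
        (129, "Bob Black", "$110K", "123-111-2222", "bob.smith"),
        (143, "Sam Fisher", "$100K", "123-333-4444", "bob.smith"),
        (150, "Ann Other", "$95K", "123-555-6666", "jane.doe")]
HANDLED = {"SECURITY_FILTER", "MASK_SALARY_FOR"}  # obligations this PEP can enforce

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("create table HCM_EMPLOYEES (EMP_ID, NAME, SALARY, PHONE, MANAGER_ID)")
    db.executemany("insert into HCM_EMPLOYEES values (?, ?, ?, ?, ?)", ROWS)
    return db

def is_authorized(user, user_role, resource, action):
    """Hypothetical PDP stand-in (not the OES API): returns (decision, obligations)."""
    if user_role == "Product Director" and (resource, action) == ("Employees Table", "View"):
        return "Permit", {"SECURITY_FILTER": "MANAGER_ID = :CURRENT_USER",
                          "MASK_SALARY_FOR": [129]}  # assumed attribute-level obligation
    return "Deny", {}

def query_my_employees(db, session_user, user_role):
    decision, obligations = is_authorized(session_user, user_role, "Employees Table", "View")
    if decision != "Permit":
        raise PermissionError("access denied")
    # Fail closed: an obligation the PEP cannot enforce must not be silently skipped.
    unknown = set(obligations) - HANDLED
    if unknown:
        raise PermissionError(f"unenforceable obligations: {sorted(unknown)}")
    sql = "select EMP_ID, NAME, SALARY, PHONE from HCM_EMPLOYEES"
    params = {}
    if "SECURITY_FILTER" in obligations:
        # The predicate text comes from policy, never from the request, and
        # :CURRENT_USER is bound from the authenticated session, not concatenated.
        sql += " where " + obligations["SECURITY_FILTER"]
        params["CURRENT_USER"] = session_user
    masked_ids = set(obligations.get("MASK_SALARY_FOR", []))
    rows = []
    for emp_id, name, salary, phone in db.execute(sql + " order by EMP_ID", params):
        rows.append((emp_id, name, "********" if emp_id in masked_ids else salary, phone))
    return rows
```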
Content Management
Attribute Based Access Control
Name                             Sensitivity  Department
World Domination Strategy.pptx   Top Secret   Strategy, Development
Cost Analysis.xls                Secret       Accounting
World Domination - Details.docx  Top Secret   Development
Progress Report.pptx             Top Secret   Strategy
Public Statement.pptx            Public       Marketing
Oracle Entitlements Server Mobile Authorization
Authorize Business Transactions
Selective Data Redaction
Context Aware
Standards Based
Full Audit Trail
No Code Changes Required
Oracle Entitlements Server
Fine grained authorization for API’s and Web Services
HTTP / REST / SOAP / OAuth Clients
Student WebService
Request
<SOAP:Envelope>
  <SOAP:Header>
    <User> Gary Chalmers </User>
    <Org> Public Schools </Org>
    <Role> Superintendent </Role>
  </SOAP:Header>
  <SOAP:Body>
    <getStudentDetail>
      <studentID> 999999 </studentID>
    </getStudentDetail>
  </SOAP:Body>
</SOAP:Envelope>
Oracle Entitlements Server
Fine grained authorization for API’s and Web Services
HTTP / REST / SOAP / OAuth Clients
Student WebService
Response
<SOAP:Envelope> …
  <SOAP:Body>
    <getStudentDetailResponse>
      <studentID> 99999 </studentID>
      <name> Bart Simpson </name>
      <grade> F </grade>
      <SSN> 987-65-4321 </SSN>
      <DoB> 13-Feb-2005 </DoB>
      <address> Evergreen Terrace </address>
    </getStudentDetailResponse>
  </SOAP:Body>
</SOAP:Envelope>
Oracle Entitlements Server
Fine grained authorization for API’s and Web Services
HTTP / REST / SOAP / OAuth Clients
Oracle API Gateway
OES PDP
Oracle Entitlements Server
Student WebService
isAuthorized(user = Gary Chalmers,
             userOrg = Public Schools,
             userRole = Superintendent,
             studentId = 99999,
             action = getStudentDetail)
• Selective Data Redaction of the response payload
• OES authz decision returns an “Obligation” with information on what to redact
Response
<SOAP:Envelope> …
  <SOAP:Body>
    <getStudentDetailResponse>
      <studentID> 99999 </studentID>
      <name> Bart Simpson </name>
      <grade> F </grade>
      <SSN> ***-***-**** </SSN>
      <DoB> **/**/**** </DoB>
      <address> Evergreen Terrace </address>
    </getStudentDetailResponse>
  </SOAP:Body>
</SOAP:Envelope>
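The gateway-side redaction step described on this slide, as an added example that is not from the presentation and is not Oracle code. The `is_authorized` stub, the `REDACT` obligation shape and the declared SOAP namespace are assumptions; the element names and masks follow the slide's response.

```python
import xml.etree.ElementTree as ET

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
ET.register_namespace("SOAP", SOAP_NS)

# Constructed backend response modelled on the slide (namespace declared so it parses).
RESPONSE = f"""<SOAP:Envelope xmlns:SOAP="{SOAP_NS}"><SOAP:Body>
<getStudentDetailResponse>
  <studentID> 99999 </studentID> <name> Bart Simpson </name> <grade> F </grade>
  <SSN> 987-65-4321 </SSN> <DoB> 13-Feb-2005 </DoB>
  <address> Evergreen Terrace </address>
</getStudentDetailResponse></SOAP:Body></SOAP:Envelope>"""

def is_authorized(user, user_org, user_role, student_id, action):
    """Hypothetical PDP stand-in (not the OES API): returns (decision, obligations)."""
    if (user_org, user_role, action) == ("Public Schools", "Superintendent", "getStudentDetail"):
        # Assumed obligation shape: element name -> fixed mask.
        return "Permit", {"REDACT": {"SSN": "***-***-****", "DoB": "**/**/****"}}
    return "Deny", {}

def filter_response(xml_text, user, user_org, user_role, student_id):
    decision, obligations = is_authorized(user, user_org, user_role,
                                          student_id, "getStudentDetail")
    if decision != "Permit":
        raise PermissionError("access denied")
    root = ET.fromstring(xml_text)  # a payload that does not parse is never forwarded
    # The decision covers one studentId: refuse a response about any other record.
    ids = [(el.text or "").strip() for el in root.iter("studentID")]
    if ids != [student_id]:
        raise PermissionError("response does not match the authorized studentId")
    for tag, mask in obligations.get("REDACT", {}).items():
        for el in root.iter(tag):      # every occurrence, at any depth
            el.text = f" {mask} "      # fixed mask: no length or format leak
            for child in list(el):     # drop nested content as well
                el.remove(child)
    return ET.tostring(root, encoding="unicode")
```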
Mobile & Social Access Management Deployment Architecture
[Architecture diagram. Zones: Corporate DMZ, Corporate Network. Clients: HTTP / REST / SOAP / OAuth. Traffic: Web Traffic, REST Traffic. Components: Oracle API Gateway, OHS, OAM Agent, OES PDP, Mobile and Social, Access Manager, Adaptive Access, Entitlements Server, Directory Services, Web Services Manager, Service Bus, Web Apps, SOAP/REST and Legacy Web Services. Callout: Context Aware Authorization and Data Redaction.]
All that is good, but leverage Authorization to help Monetize Subscriptions????
Tiered Subscriptions
To Movies, Internet / WiFi Access, Reports, Customer Data, Content of any kind
Many organizations offer content through subscriptions
– Free vs Basic vs Premium offerings
How do I expand my customer base?
How do I make each tier more attractive and lure customers to sign up for premium offerings?
How do I quickly capitalize on rapidly evolving events and market trends?
Tiered Subscriptions (cont.)
To Movies, Internet / WiFi Access, Reports, Customer Data, Content of any kind
Answer?
– Expand the customer base and upsell through traditional marketing campaigns etc?
– Offerings may be difficult to change, require involvement from the development team
Or perhaps?
– Make premium content temporarily available for free, or to subscribers at lower levels to get them hooked / upsell
– Stay current with market trends, rapidly change offerings by simply deciding what policy changes are required to make content available to subscribers at different levels
– Leveraging an externalized Authorization system can help!
Customer Case Studies
Swapnil Mehta, Sena Systems
Customer Case Studies
Content & Media Subscriptions
Placeholder for SENA Slides
Summary
Monetize and/or make information available to new clients and applications through simple policy changes
– Control exposure of sensitive data
– Control what transactions users can submit
Leveraging Oracle Access Management
– Oracle Entitlements Server
– Oracle API Gateway
– Oracle Access Manager
– Oracle Mobile & Social
– Oracle Adaptive Access Manager
Questions
Don’t miss these IDM Sessions
CON8828 Wednesday 09/25, 1:15PM Moscone West, Room 2018
Justifying and Planning a successful Identity Management Upgrade
Sanjay Rallapalli, Oracle
CON8813 Wednesday, 09/25, 3:30PM Moscone West, Room 2018
Securing privileged accounts with an integrated identity management solution
Olaf Stullich, Oracle
CON8836 Thursday 09/26, 11:00AM Moscone West, Room 2018
Leveraging the Cloud to simplify your Identity Management implementation
Guru Shashikumar, Oracle
CON 4342 Thursday 09/26, 12:30PM Moscone West, Room 2018
Identity Services in the New GM IT GM
CON9024 Thursday 09/26, 2:00PM Moscone West, Room 2018
Next Generation Optimized Directory - Oracle Unified Directory
Etienne Remillon, Oracle
CON8902 Thursday, 09/26 2:00PM Marriott Marquis – Golden Gate C3
Developing Secure Mobile Applications
Mark Wilcox, Oracle
CON8826 Thursday, 09/26, 3:30PM Moscone West, Room 2018
Zero Capital Investment by leveraging Identity Management as a Service
Mike Neuenschwander, Oracle
Oracle Fusion Middleware
Business Innovation Platform for the Enterprise and Cloud
Complete and Integrated
Best-in-class
Open standards
On-premise and Cloud
Foundation for Oracle Fusion Applications and Oracle Cloud
Web
Social
Mobile
User Engagement
Business Process Management
Content Management
Business Intelligence
Service Integration
Data Integration
Identity Management
Development Tools
Cloud Application Foundation
Enterprise Management