cations are natively built to take advantage
of the Oracle Identity Management 11 g
infrastructure, as opposed to the old style,
where security would always be reverse-engineered into the business application as
Oracle Magazine: In terms of integration,
what is an example of how Oracle Identity
Management 11 g is solving business
Jasuja: In the past, customers who deployed
identity management products often had
difficult user experiences by way of installation, configuration, how they collected and
used audit data in reports, and whether they
could look at a combination of risk factors
such as device identification or geolocation
to authenticate users and, therefore, mitigate risks around identity theft.
What we’ve done with the suite is taken
the core products and created seamless integration across a range of cross-product use
cases. Let’s say that I go to a Website, and
I try to log in but I have forgotten my password. I can answer a challenge question and
have a new password sent to me via an SMS
message to my phone, and I can use that
phone-based SMS to reset my password and
gain access to my business application again.
In the past, companies would have to
often tie two or three different technologies
together to be able to achieve this. But with
our suite, we have integrated Oracle Identity
Manager, Oracle Access Manager, and Oracle
Adaptive Access Manager to address this
flow completely out of the box.
Oracle Magazine: What are some other
standout features in the suite?
Jasuja: There are a number of very interesting
features that we have delivered in Oracle
Identity Management 11 g—let me highlight
a couple of them.
With Oracle Access Manager 11 g, we have
a native session server built in. This allows
Website administrators to have complete
visibility over who is actually using a system
from a central place.
Historically, all Web single-sign-on technologies have been cookie-based and, as a
result, completely stateless. That means that
“Identity management has gone from being
a nice-to-have technology to a must-have.
It’s become more of a compliance-driven
mandate [than] . . . a productivity tool.”
—Amit Jasuja, Vice President of Development, Identity Management and Security Products, at Oracle
if the Website administrator detects a hacker
or somebody who should not have access,
there is nothing the administrator can do
to disallow access—other than taking the
site down. With the session server in Oracle
Access Manager 11 g, if any suspicious activity
is detected, it can be pinpointed down to a
user, and the administrator can terminate
the user’s session centrally so that when the
user tries to access the application, he or
she will have been logged out—and denied
access. That’s a very important capability of
Oracle Access Manager.
Let’s look at user administration.
Historically most provisioning and role management products were separate. People
would do role management using one tool,
and they would do account access management within various applications through a
Now, with Oracle Identity Manager 11g,
we have the first product that does role
request management, account request
management, and user request management in one place. Everything is integrated
into a single, completely intuitive, business-friendly user interface.
Oracle Magazine: How do you see identity
management technology continuing to
Jasuja: There are three dimensions that are
becoming much more important as we look
at identity. First, there is a convergence of
what we call physical and logical identity.
More and more organizations are trying to
use primary identity form factors, such as
a driver’s license, a phone, or a badge for
identification. This identity needs to be
accepted all of the way through all of the
different business applications that a user
Second is the proliferation of devices that
are being used more and more to access
content and collaborate with others over the
internet. These devices and what people are
trying to do dramatically increase the scale
and flexibility requirements on traditional
identity infrastructure—especially in being
able to work with a broad range of tokens for
authentication, rapid establishment of trust,
privacy control, and profile management.
Caroline Kvitka is a
senior managing editor
of Oracle Magazine and
LISTEN to the podcast
LEARN more about Oracle Identity