LDAP解决方案 - Oracle Identity and Access Management

Oracle Identity and Access Management 
Oracle Identity and Access Management 属于Oracle Fusion Middleware的产品,Oracle Identity and Access Management又可以从逻辑上分为三个部分(即Oracle LDAP方案实现的典型三件套)。
  • Oracle Access Management (OAM)  - 单点登陆的实现模块
  • Oracle Identity Management (OIM) - 身份供应的实现模块
  • Oracle Internet Directory (OID) - LDAP信息存储的数据库

1) Directory Services - overview including OID.
An online directory is a specialized database that stores and retrieves collections of information about objects. The information can represent any resources that require management, for example:
  •     Employee names, titles, and security credentials
  •     Information about partners
  •     Information about shared resources such as conference rooms and printers.
The information in the directory is available to different clients, such as single sign-on solutions, email clients, and database applications. Clients communicate with a directory server by means of the Lightweight Directory Access Protocol (LDAP). Oracle Internet Directory is an LDAP directory that uses an Oracle Database for storage.

2) Access Management:
A) Access Manager
 - Controlling User Access to Enterprise resources. It also provides web based Identity Administration & access control to applications & resources. Provides User, password and group management. User access policies can be defined and enforced with high granularity.

B) Identity Federation – Allows companies to operate independently and enable cross domain user provisioning.

C) Single Sign-on - It provides built in integration with customer’s IM and addressing key challenges (for cross domain access) like automatic mapping, identity mapping access control navigation.

D) eSSO - Enterprise SSO is upcoming product which provide true SSO for all application and resource in an enterprise, without modifying existing applications.

如果你登陆MetalinkOTN,或者eDelivery,可以看到Oracle所使用的单点访问(SSO)解决方案也是基于Oracle Access Management


3) Identity Management:

A) Identity Manager - Allows automated user identity provisioning and deprovisioning. Key features of Identity Manager are password management, workflow & policy management, Identity reconciliation, reporting and Auditing. Identity manager also supports attestation (confirming access rights by user or system manager periodically). This is requirement from SoX compliance.

B) DAS – Delegating Administrative Services provides trusted proxy based administration at User or Administrator level.



参考:


LDAP解决方案 - Oracle Identity and Access Management,古老的榕树,5-wow.com

郑重声明:本站内容如果来自互联网及其他传播媒体,其版权均属原媒体及文章作者所有。转载目的在于传递更多信息及用于网络分享,并不代表本站赞同其观点和对其真实性负责,也不构成任何其他建议。