1. Security As A Service Marc Chanliau, Identity Management Technical Evangelist [email_address]

10. OPSS in Oracle Fusion Middleware Oracle JDeveloper Web Browser Oracle WLS Admin Console Oracle Enterprise Mgr Load Balancer Oracle WebCache Oracle HTTP Server Applications Oracle SOA Suite Oracle Identity Mgt Oracle Platform Security Services Oracle WebCenter Oracle WebLogic Server LDAP RDBMS Web Tier Application Tier Data Tier

13. Oracle Virtual Directory Virtualizes Identity Store, Credential Store, Policy Store Develop Deploy Manage Oracle Fusion Middleware Components and Oracle Fusion Applications ATN, ATZ, CSF, UserRole, Policy Management, Cryptography (OSDT) Identity Assertion Role Mapping Creds Mapping JEE Policy & Role Deployment Custom SSPI Providers Java2 & JAAS Policy Provider Cert Lookup & Val OPSS Functionality OPSS APIs Audit SSO

14. Platform to Product Security Domain OPSS Solution (Basic Features) OPSS Product Solution (Advanced Features) Identity Store Embedded LDAP OID Policy Store File - XML OID Credential Store File – Oracle Wallet OID SSO WLS SAML Oracle Access Manager Authorization OPSS CheckPermission Oracle Entitlement Server

15. Oracle Products Using OPSS Product Name What It Does How It Uses OPSS Oracle ADF / WebCenter ADF is the framework used to develop WebCenter applications (portlets, etc.) Authentication, JAAS Authorization, Application Role,Anonymous and Authenticated Role, Policy Store Abstraction, Policy Management, Credential Store Framework Oracle Web Services Manager (OWSM) OWSM provides SOA and web services security Authentication, JAAS Authorization, Credential Store Framework, Keystore Service, Audit Oracle SOA Provides applications designed to deploy SOA environments (BPEL, ESB, etc.) Authentication, Authorization and Audit Oracle Service Bus (OSB) Connects, mediates, and manages SOA composites interaction Authentication, identity assertion, authorization, Role mapping, credentials mapping, cert. lookup, audit, SSO, SSPI framework for third-party integration Oracle Entitlements Service (OES) Provides externalized fine-grained authorization Authentication, identity assertion, authorization, role mapping, credentials mapping, cert. lookup, audit. WebLogic Server (WLS) Container Java EE server / container Authentication, identity assertion, authorization, role mapping, credentials mapping, cert. lookup, audit, SSO, SSPI framework for third-party integration Oracle Access Manager Web access and single sign on platform Identity assertion and integration with WebLogic Server security.

17. Oracle ADF 11g Architecture © 2009 Oracle Corporation Struts Business Services Data Services Model Controller JSP View Desktop Browser/ Mobile Devices Metadata Services ADFm (JSR 227) JSF ADF Faces JSF/ADFc Java EJB BAM BPEL ADF BC BI XML Office Swing Web Services Portlet Toplink JMX JCR Relational Data XML Data Legacy Data Packaged Apps

21. ADF Security: Authorization Administrator Clerks HR Sales Dev ADF Security performs authorization check In her manager role, sking can see master and detail views Policy Store BrowseDepartments.jspx Staff <grant> <principal> <type> role </type> <name> manager </name> </principal> <permission> <name> BrowseDep </name> <actions> view </ actions> </permission> </grant> WebLogic Server ADF Security Filter User sking User ahunold BrowseDepartments.jspx In his user role, ahunold can only see master view JAAS AuthZ request

23. © 2009 Oracle Corporation Demo

24. © 2009 Oracle Corporation OPSS Use Cases

39. The preceding is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle. © 2009 Oracle Corporation