<Insert Picture Here>

Identity Management 11g

Whats New, Features and Positioning
Rohit Gupta
VP, Product Management

Agenda
Business Drivers
Oracles Identity Management Strategy

<Insert Picture Here>

Product and Roadmap Update

11g Components Review

Sun IdM Acquisition Update

Recent Customer Successes
Competitive Positioning and Objection Handling
Summary

Oracle Confidential For Internal Use Only

Identity Management Business Drivers

Regulatory
Compliance

Reliable
Security

B2B
Collaboration

Operational
Efficiencies

User Experience
Oracle Confidential For Internal Use Only

Identity Management 11g

Core Principles
ServiceOriented Security

Suite Wide
Integration

Entitlements
Centric

Hot-Pluggable
Oracle Confidential For Internal Use Only

Oracle Identity Management 11g

Service-oriented Security
Identity as a Service, declarative security framework
based on open Java and Web-services Standards
Delivered through OPSS, services include
authentication, authorization, encryption, common
audit and logging etc.
Comprehensive security for Fusion Middleware &
Fusion Applications

Oracle Confidential For Internal Use Only

Oracle Identity Management 11g

Entitlements-centric Suite
Provisioning

Role
Management

Role Mining

Common entitlements model for

authorization across the suite

Single
Sign-On

Web Services
Security

Entitlements

Rights
Management

Attestation

Audit
Reporting

Fraud
Management

Oracle Confidential For Internal Use Only

SoD
Management

Delegated administration
policies based on fine-grained
entitlements
Risk-based authorization to
enable fraud prevention
Exhaustive audit and
compliance reporting, based on
core entitlements defined and
managed centrally

Shared Services Based Architecture

Unified Install and Config

Intuitive, dynamic, user interface
Shared Services for:
Password Management
Identity Administration
Single Sign-On
Strong Authentication
Common Policy and Authorization
Common Auditing/Reporting
BPEL-based Workflow

Oracle Identity Management 11g

Hot Pluggable and Standards-based
Leadership & Innovation
Open-source efforts for Aris ID, OpenAz

Interoperability & Adoption

Enterprise & Internet identity standards
like SAML, SPML, XACML, OpenID,
Oauth, etc.

Hot-Pluggable
Across full range of Applications,
Middleware and Operating Systems

Oracle Confidential For Internal Use Only

Supported and planned system configurations: http://idm.us.oracle.com Releese eneo

Oracle Identity Management

Oracle + Sun Combination
Identity Administration

Access Management*

Directory Services

Identity Manager

Access Manager
Adaptive Access Manager
Enterprise Single Sign-On
Identity Federation
Entitlements Server
Web Services Manager

Directory Server EE
Internet Directory
Virtual Directory

Identity & Access Governance

Identity Analytics

Oracle Platform Security Services

Operational Manageability
Management Pack For Identity Management

*Includes OpenSSO STS & Fedlet

Oracle Identity Management

Roadmap Timelines

Oracle Confidential For Internal Use Only

Oracle Identity Manager

Provisioning and Identity Administration
Integrated user and role
administration

Oracle Identity
Manager

Internet-grade scalability
for extranet provisioning
10x Performance Gain

New Attribute-based
Constrained Delegation
Service-Oriented
Flexible integration based on SPML
Extensible workflow based on BPEL

Enterprise
Applications
Custom
Apps

GRANT or
REVOKE

Databases
and LDAP
Mainframes

Oracle Access Manager

New

Authentication and SSO

Applications

Integrated Server and Agent Administration

eCO-Grid, delivering high performance
Session Management
SSO Security Zones scoped to individual
Application
Inline diagnostics for superior manageability
Support for OSSO Upgrades

Data

Services

Oracle Access
Manager

Oracle Adaptive Access Manager

Fraud Prevention

Integrated Case Management & Fraud

Administration

Secure
Login

Oracle Adaptive
Access Manager
Risk Modeling

OTP Anywhere across Interactive

Voice Response, SMS, Email etc.
Universal Risk Snapshots for archival,
restoration, forensics and more
AnswerLogic offers KBA in
combination with registration, answers
and fuzzy logic

Challenge
or Block

Analysis
and
Forensics

Oracle Identity Analytics 11g

Compliance and Identity Governance
Dashboard Risk
& Reports Analytics

IT Audit
Policy

Access
Certification

Compliance Control Panel

Extensive Set of Actionable Dashboards & Risk
Analytics

Advanced Role Mining and Engineering

Oracle Identity Analytics

Cert360 offers complete view of users, roles

and entitlements to reviewer for attestation
Identity Manager

Rich Identity Warehouse

Identity
Warehouse

Identity Data
Sources

Optimized for Analysis, Mining, Correlation,

Reporting on Identity, Access and Policy Data
Access Manager

Integrated with Oracle Identity Manager 11g

and 9.1, and Oracle Waveset

Enterprise Applications

Sun IdM Acquisition Status

Review of IdM Acquisition

Old Name

New Name

Sun Directory Server Enterprise Edition

Oracle Directory Server Enterprise Edition

Sun Role Manager

Oracle Identity Analytics

Sun Identity Manager

Oracle Waveset

Sun OpenSSO Enterprise

Oracle OpenSSO

Strategic Products

Continue and Converge

Oracle Directory Server Enterprise Edition N/A

& Oracle Internet Directory
Oracle Identity Manager

Oracle Waveset

Oracle Access Manager

Oracle OpenSSO

Oracle Identity Analytics

Oracle Role Manager

Sun to Oracle Identity Management

Migration Paths

Oracle Waveset

Oracle OpenSSO

Oracle OpenSSO
(Federation)

18

Oracle Identity Manager

11g

Oracle Access Manager

11g

Oracle Identity Federation

11g

Copyright 2010, Oracle. All rights reserved

Strategic Guidance on OW
Guidance on ways to continue with Oracle Waveset
Where to safely invest, what to avoid, how to prepare

Co-existence Strategy (ahead of Migration)

Support a phased approach to migration
OIM as back-office provisioning automation engine for new
(and eventually all) targets

Migration Solution
Oracle to provide migration solution (methodology, automation
tools, documentation) to migrate from Oracle Waveset to
Oracle Identity Manager

Common Connector Strategy

Leverage connector innovation in current Oracle Waveset
deployment
19

Copyright 2010, Oracle. All rights reserved

Strategic Guidance on OpenSSO

Phased approach to minimize impact during the
transition to OAM 11g
Agent level compatibility
Manual policy migration

Automations, upgrade utilities projected for OAM 11g

Target migrations from 7.x, 8.0
Focus on simple use cases Authentication and SSO
Advanced use cases such as session failover or URL/J2EE
policy will be evaluated on a case by case basis

20

Copyright 2010, Oracle. All rights reserved

OpenSSO OIF 11g

Customers using OpenSSO federation features may migrate to
OIF 11g
SAML / WS-Federation / Liberty ID-FF
OpenSSO Fedlet (certified, bundled with OIF 11g)

Certain features are out of scope for OIF

Liberty ID-WSF, SIS

Migration utilities for standards-based flows

Standard metadata import/export
Custom processing will have to be re-implemented
Some manual steps may be required for metadata and trust

21

Copyright 2010, Oracle. All rights reserved

Business Landscape and

Positioning

Oracles IdM Business Momentum

2005

2010

License Revenue
No. of Products

> 1,300% growth

3

18

No. of Customers

< 250

> 6,000

Developers & PM.

< 60

> 500

NA Consultants

<5

>100

SI Partners

<5

> 70

Oracle Confidential Do Not Distribute

Business Summary

Oracle Confidential Do Not Distribute

Case Study Exelon

OIM for Enterprise Provisioning & Identity Administration

Business Challenges
NERC (North American Electric Reliability Corporation)
regulations were expanded in January 2010 due to homeland
security initiatives
The new regulations resulted in additional reporting and
compliance requirements for energy providers, particularly
those generating nuclear power

Oracle Solution

Return On Investment

Oracle Identity Manager for 22,000

users and Oracle Identity Analytics
chosen over CA and Courion

OIM will allow employees to reduce

application access time from 15 days to
less than 4 hours

Deploying in Sun Solaris Environment

Reduced administrative costs through

user self service

Accenture aligned with Oracle to

recommend us over CA

Oracle Confidential For Internal Use Only

Automated the certification process,

which will significantly reduce time and
money spent on this quarterly activity

Case Study American Express

OIA for Compliance, Attestation, & Identity Governance
Business Challenges
Manual certifications and multiple orphaned accounts
Needed a central repository for who-has/had what access
Business struggles with cryptic names for entitlements

Oracle Solution
Oracle Identity Analytics with 200K
users, 5M accounts, 24M entitlements
and 6.5M glossary definitions
Defined user access certifications
across 1400 applications
Automated closed loop remediation by
integrating with provisioning

Oracle Confidential For Internal Use Only

Return On Investment
Removed 500K orphaned accounts
Automated 13,000 access
certifications
Successfully certified transfers to
ensure proper access
Eliminated the disconnect between
business and IT in regards to glossary
definitions

Case Study Lockheed Martin

Sun Subscription to Oracle Migration
Business Challenges
Subscription Sun Identity Manager Licensee
License term can run through, but not possible to renew
after that putting their future project plans at risk
Lockheed is using a non-strategic technology (Sun Identity
Manager)

Oracle Solution

Return On Investment

Oracle Identity Manager Perpetual Use

License
Cancel Sun Subscription License

Lockheed is now on the path to migrate

to the strategic technology and can plan
to do so in a non-rushed fashion

Provide 24 months of right to use both

Sun and Oracle during the technical
migration process

Oracle Confidential For Internal Use Only

IdM Competitive Summary: Suites

Suite Breadth

Access Mgmt
& Entitlements
Fraud Prev. &
Strong Authn
Identity
Administration
Directory
Services
Audit &
Compliance

Full IdM Comp Intell at http://my.oracle.com/compete and http://idm.us.oracle.com

Oracle Confidential For Internal Use Only

Competing with IBM

Positioning Against IBM

What to Expect from IBM

Product and Deployment Complexity

A lot of FUD around Sun.

Complex licensing model

Solutions-based sales model, i.e., IBM

Global Services will bundle HW, SW, and
professional/managed services

Competitive displacements, especially for

TIM/TAM. Use strong Oracle References.
Audit and Compliance capabilities;
Sophistication in role management, GRC/SoD
integration
Support for Fine-grained Authorization and
Entitlements

IBM claims they are the market leader for

web access management
Will highlight their strong integration
between Provisioning and SIEM (Security
Information and Event Management).

Depth and Breadth of IdM integration with Oracle

Strategic relationships at the CXO levels
Ebusiness Suite, PeopleSoft, Siebel and SAP

In Depth IBM Comp Intell - http://my.oracle.com/portal/page/myo/compete/master_ci/ibm_tivoli

Oracle Confidential For Internal Use Only

A new breed of competition

Most visible OIA Competitor
They message around ease
of use, simplicity, and cost
effectiveness
We need to message around
completeness of stack, deep
investment in this space,
tight integration with OIM,
and ability to do complex role
management and rule
lifecycle management
Question their products
ability to scale
Click SailPoint logo for more
detailed comp intell and
positioning points

Oracle Confidential For Internal Use Only

Directory Services
Competitor
They message around next
generation IdM infrastructure
and ability to scale
We need to message around
completeness of stack
including the top directory
services platform used in
numerous highly distributed,
scaled, and mission critical
instances
Question their companys
ability to scale to support
large customer deployments

Commercial support for former

Sun Open Source
They message around the
virtues of Open Source
technology and their ability to
enhance and support the
products
We need to message around the
best parts of Sun IdM merging
with Oracle IdM to deliver the
leading next generation IdM
technologies
Clarify that Oracle is supporting
commercial licensees of
OpenSSO and offers license and
technical migrations to Oracle
Question their ability to support
all of the technologies they are
taking on

Q&
A