Oracle Entitlements Server
Introduction
Oracle Entitlements Server is a fine grained authorization engine that externalizes, unifies, and simplifies the management of complex entitlement policies—strengthening security and compliance, improving IT efficiency, and enhancing business agility. These authorizations may be used to protect the most fine grained business or IT concept. For example, Oracle Entitlements Server policies can describe how users interact with entire application interfaces or even single form fields. Oracle Entitlements Server protects user interfaces, business logic, and even databases. Oracle Entitlements Server is a component of Oracle Fusion Middleware, a well-integrated family of customer-proven software products designed to shine in the most demanding customer environments.
Oracle Entitlements Server provides a centralized administration point for complex entitlement policies across a diverse range of business and IT systems. Oracle Entitlements Server offers a sophisticated delegated administration model that allows multiple organizations and application stakeholders to create, modify and report on the entitlement policies that affect them. This management can be done by security policy specialists and do not require intervention by a development organization. Oracle Entitlements Server integrates with existing Oracle Identity and Access Management produces (such as Oracle Access Manager, Oracle Adaptive Access Manager) to provide a complete end to end access management solution covering a wide span of entitlement use cases.
| Key Features | Benefits |
|---|---|
| Web based fine grained entitlements for applications | Reduce administrative overhead and speeds application deployment time by empowering line of business users to define, administer and enforce application entitlements policy |
| Interoperability through open standards | Supports XACML 2.0 request response profile and XACML policy export for interoperability. Supports SAML for identity federation. |
| Design and runtime analysis | Strengthen governance and compliance adherence with design time and runtime analysis |
| Intelligent policy distribution | Ensures that Security Modules are given only the policies they need and keeps Security Modules synchronized with latest policy updates.. |
| Flexible Administration | Adapts to multiple administrative scenarios involving any number of participants across multiple organizations and lines of business. |
| Built for Integration | Entitlements Server administrative features are fully accessible via web based or programmatic means. |
Policy Administration
The administration features of Oracle Entitlements Server include:
- Support for massive policy stores with thousands of resources and policies
- Partitioning features for large numbers of organizations and applications
- Fully delegated administration with flexible role mapping of users
- Web-based interface that runs on popular J2EE containers
- Fully programmable administrative interface for custom administrative needs
- Administration model that is protected by OES itself
Policy Distribution
Oracle Entitlements Server handle the task of publishing policies to the individual Security Modules protecting applications and services. This distribution provides a transactional mechanism to ensure each Security Module has just the policy it needs.Features of the policy distribution include:
- Ability to update policies in Security Module without interrupting applications.
- Intelligent push technology that only pushes the policies needed by a Security Module.
- Sophisticated protocol which handles interrupted distribution scenarios.
- Simple architectural requirements for policy distribution without foresaking security and integrity of policies in-flight
- Security Modules operate in a 'disconnected' mode with no runtime dependency on Entitlements Server.
Support for Multiple Platforms
Oracle Entitlements Server runs on many popular J2EE containers such as WebLogic Server, Tomcat and WebSphere. Policy repositories can be stored in Oracle Database, Sybase, SQL Server and DB2.
Policy Reporting
Oracle Entitlements Server provides ad-hoc query facility to help policy administrators understand how users and roles map to permissions and entitlements. Policy reports can be generated for specific application resources (e.g. reports, database columns, EJBs), identies (users, groups, roles) and even permissions. Reports are available as simple text files for consumption by downstream BI or reporting tools.
Bottom Line
Oracle Entitlements Server is the only enterprise-class entitlements solution that provides rich fine-grained entitlements and centralized security administration for both application software components and application business objects. Oracle Entitlements Server strengthens security and compliance, increases IT efficiency and enhances business agility by decoupling security logic from applications, providing consistent policy administration, and enforcing auditability across applications across the enterprise.
- Oracle Corporation
- World Headquarters
- 500 Oracle Parkway
- Redwood Shores, CA 94065
- Worldwide Inquiries:
- +1.650.506.7000
- Fax +1.650.506.7200
- http://www.oracle.com/
- Copyright© Oracle Corporation 2008
- All Rights Reserved
This document is provided for informational purposes only, and the information herein is subject to change without notice. Please report any errors herein to Oracle Corporation. Oracle Corporation does not provide any warranties covering and specifically disclaims any liability in connection with this document.
Oracle is a registered trademark of Oracle Corporation.
All other company and product names mentioned are used for identification purposes only and may be trademarks of their respective owners.