Mark Wilcox

Oracle Blogs

Test Blog Entry for Migration

Tue, 2017-03-21 14:29
Adding a blog entry for the purposes of testing the upcoming blog migration.

Security Link Roundup - January 4, 2016

Mon, 2016-01-04 10:50

January 4, 2016 Oracle Consulting Security Link Roundup

I'm Mark Wilcox, the Chief Technology Officer for Oracle Consulting - Security in North America, and this is my weekly roundup of security stories that interested me.

###

Database of 191 million U.S. voters exposed on Internet: researcher

So 2016 starts off with another headline of a database breach.

In this case 191 million records of US voters.

This is ridiculous.

And could have been prevented.

And a sobering reminder to contact your Oracle representative and ask them for a database security assessment by Oracle Consulting.

###
Secure Protocol for Mining in Horizontally Scattered Database Using Association Rule

Data mining is a hot topic - it's essential to marketing, sales and innovation. Companies have lots of information on hand, but until you start mining it, you can't really do anything with it.

And often that data is scattered across multiple databases.

In this academic paper from the "International Journal on Recent and Innovation Trends in Computing and Communication" the authors describe a new protocol that they claim respects privacy better than other options.

On the other hand - Oracle already has lots of security products (for example database firewall, identity governance) that you can implement today to help make sure only the proper people have access to the data.

So make sure to call your Oracle representative and ask for a presentation by Oracle Consulting on how Oracle security can help protect your data mining databases.

###
A Guide to Public Cloud Security Tools

Cloud computing is happening.

And most people are still new to the space.

This is a good general article on the differences in security between public and private clouds.

Plus it has a list of tools to help you with cloud security.

And if you are wanting to use cloud to host Oracle software - please call your Oracle representative and ask them to arrange a meeting with Oracle Consulting Security to talk about how Oracle can help do that securely.

###
Survey: Cloud Security Still a Concern Heading into 2016

Security continues to be the biggest concern when it comes to cloud.

While there are challenges - I find securing cloud computing a lot simpler than on-premise.

Assuming your cloud hosting is with one of the major vendors such as Oracle or Amazon.

And if you are wanting to use cloud to host Oracle software - please call your Oracle representative and ask them to arrange a meeting with Oracle Consulting Security to talk about how Oracle can help do that securely.

###
40% BUSINESS DO NOT USE " SECURITY ENCRYPTION" FOR STORING DATA IN CLOUD

"Holy crap, Marie."

I watch a lot of reruns of "Everybody Loves Raymond" and I feel like this story is another rerun.

Except unlike Raymond this is a rerun of a bad TV show.

Encrypting a database is one of the best ways to secure your data from hackers.

So before you start storing data in the cloud, in particular with an Oracle database make sure you have Oracle Consulting do a security assessment for you.

That way you can know what potential problems you have before you start storing sensitive production data.


How To Do Single Sign On (SSO) for Web Services

Wed, 2013-12-11 08:38

A recent question on our internal list was

"A customer has OAM and wants to do SSO to SOAP Web Services".

In this case the customer was using Webcenter Content (the product formerly known as Unified Content Manager UCM). But the scenario applies to any SOAP Web Service.

My answer was well received and there isn't anything proprietary here so I thought I would share to make it easier for people to find and for me to refer to later.

First - There is no such thing as SSO in web services.

There is only identity propagation.

Meaning that I log in as Fabrizio into OAM, connect to a Web application protected by OAM.

That Web application is a Web Services client and I want to tell the client to tell the Web Services that Fabrizio is using the service.

The first step to set this up is to protect the web services via OWSM.

The second step is to translate the OAM token into a WS-Security token.

There are 3 ways to do this second step:

1 - If you are writing a manual client and don't want any other product involved - use OAM STS

2 - Use Oracle Service Bus (which most likely will also use OAM STS but should make this a couple of mouse clicks)

3 - Use OAG - which doesn't need to talk to STS. It has a very simple way to convert the OAM token into a WS-Security header.

If you're not using OSB already - I would recommend OAG. It's by far the simplest plus you get the additional benefits of OAG.

PS - You can use OSB and OAG together in many scenarios - I was only saying to avoid OSB here because the service was already exposed and there was no benefit I could see for having OSB. If you have a reason to have OSB - let me know. I only know OSB at a very high level since my area of focus is security.

The Difference Between Access Manager 10g and 11g Webgates

Thu, 2013-08-29 11:00

A common question we get is what is the difference between Access Manager 10g and Access Manager 11g webgates.

My colleague Yagnesh who covers webgates put together a simple list:

Here are the 11g features:

  • Oracle Universal Installer for platform. Generic for all platforms
  • Host-based cookie
  • Individual WebGate OAMAuthnCookie_ making it more secure
  • A per agent key, and server key, are used. Agent key is stored in wallet file and Server key is stored in Credential store
  • One per-agent secret key shared between the 11g WebGate and the OAM Server, plus one OAM Server key
  • OAM 11g supports cross-network-domain single sign-on out of the box. Oracle recommends you use Oracle Identity Federation for this situation.
  • Capability to act as a detached credential collector
  • Webgate Authorization Caching
  • Diagnostic page to tune parameters
  • Has separate install and configuration option. Hence, single install and multiple instance configuration is supported.

And 10g:

  • InstallShield and One installer per platform
  • Domain-based cookie
  • ObSSOCookie (one for all 10g Webgates)
  • Global shared secret stored in the directory server only (not accessible to WebGate)
  • There is just one global shared secret key per OAM deployment which is used by all the WebGates
  • OAM 10g provides a proprietary multiple network domain SSO capability that predates Oracle Identity Federation. Complex configuration is required.
  • One Web server configuration supported per WebGate. Need to have multiple WebGates for multiple instances.
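
A simplified model of the key and cookie scoping contrasted in the two lists above, added here as an illustration; it is not Oracle's code or cookie format. HMAC stands in for the real cookie protection, validation is modelled on the server side, and the class names, agent host names and user are constructed for the example.

```python
import hashlib
import hmac
import secrets


def _mac(key: bytes, payload: str) -> str:
    return hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()


class GlobalSecretDeployment:
    """10g-style model: one global secret, one cookie for all WebGates."""

    def __init__(self, agents):
        self.agents = set(agents)
        self.secret = secrets.token_bytes(32)

    def issue(self, user, agent):
        # The cookie is not bound to the agent that triggered the login.
        return f"{user}|{_mac(self.secret, user)}"

    def accepts(self, agent, cookie):
        user, _, tag = cookie.partition("|")
        ok = hmac.compare_digest(tag, _mac(self.secret, user))
        return agent in self.agents and ok

    def rotate(self, agent):
        # There is only one key, so rotating it affects every agent.
        self.secret = secrets.token_bytes(32)


class PerAgentKeyDeployment:
    """11g-style model: one key and one cookie per WebGate."""

    def __init__(self, agents):
        self.keys = {a: secrets.token_bytes(32) for a in agents}

    def issue(self, user, agent):
        payload = f"{agent}|{user}"
        return f"{payload}|{_mac(self.keys[agent], payload)}"

    def accepts(self, agent, cookie):
        payload, _, tag = cookie.rpartition("|")
        bound_agent = payload.partition("|")[0]
        if agent not in self.keys or bound_agent != agent:
            return False
        return hmac.compare_digest(tag, _mac(self.keys[agent], payload))

    def rotate(self, agent):
        # Only the named agent's sessions are invalidated.
        self.keys[agent] = secrets.token_bytes(32)


def cross_agent_matrix(deployment, agents, user="fabrizio"):
    """For a cookie issued at each agent, list the agents that accept it."""
    return {
        src: sorted(a for a in agents
                    if deployment.accepts(a, deployment.issue(user, src)))
        for src in agents
    }


if __name__ == "__main__":
    hosts = ["hr.example.com", "wiki.example.com"]  # constructed names
    print("global secret:", cross_agent_matrix(GlobalSecretDeployment(hosts), hosts))
    print("per-agent key:", cross_agent_matrix(PerAgentKeyDeployment(hosts), hosts))
```

In the global-secret model every cookie is accepted at every agent and a key rotation ends all sessions; in the per-agent model a cookie is only good at the agent it was issued for, and rotating one agent's key leaves the others untouched.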

Fresh, Informative and Fun - Join Us For Your Opening Presentation at Open World 2013

Thu, 2013-08-29 09:25

Join us on Monday September 23, 2013 for Senior Vice President Amit Jasuja's presentation.

It's called "CON8808 - Oracle Identity Management: Enabling Business Growth in the New Economy".

The title is boring but the presentation will be fresh, informative and fun.

This is our annual presentation to share our thoughts on where the world is going in terms of identity management and letting customers who are leading the way let you know how they are getting there.

And we will deliver this to you in a way that promises to be as entertaining as it is informative.

Click here and schedule yourself for Amit's session before we run out of room

If You Are Interested In OUD - You Need To Be Reading Sylvain Duloutre's Blog

Wed, 2012-05-02 14:38
My colleague Sylvain Duloutre is writing a series of posts about Oracle Unified Directory (OUD) including how to co-habitate and migrate from DSEE to OUD which is how we believe most existing DSEE customers who adopt OUD will make the move.
You can read his blog here.

Announcing Oracle Optimized Solution for Oracle Unified Directory

Fri, 2012-04-20 02:03
I'm happy today to be able to share that we released an optimized solution for Oracle Unified Directory. It's one of the first public announcements we can make of several cool & useful things we've been working on. We have more coming from the identity & access team.

Which reminds me - for my loyal readers here - since December 2011 - besides covering directory - I am also now on the Oracle Access Manager Suite team.

My colleague Sylvain's post summed up nicely what it is:

Oracle Optimized Solution for Oracle Unified Directory is a complete solution - Software and Hardware engineered to work together. It implements Oracle Unified Directory software on Oracle's SPARC T4 servers to provide highly available and extremely high performance directory services for the entire enterprise infrastructure and applications. The solution is architected, optimized, and tested to deliver simplicity, performance, security, and savings in enterprise environments. More details available at http://www.oracle.com/us/solutions/1571310

While that post is short - it is dense with information. So to explain it more simply - within Oracle we have a team (Optimized Solutions) who work with our product teams to show how our customers can get the best performance out of our hardware when running a specific software package.

Instead of just giving you a generic tuning guide for our product - we've gone through the tuning steps and tested the configuration(s) for you. Thus besides giving you great performance - it's a faster & simpler deployment because you can reduce the time it takes to run a tuning exercise from scratch. Optimized Solutions simplifies that exercise because we've already done most (if not all) of the work for you.

Click here to learn more about our Optimized Solution for Oracle Unified Directory.

Oracle Identity Management (OID, OVD, OIF) 11gR1 Patchset 5 (11.1.1.6) Released.

Thu, 2012-02-23 15:51
I'm sure you've seen the flood of announcements from the other Fusion Middleware products about the 11.1.1.6 release. We got in on the fun too. You can download it here. And for a fresh install - you can start directly from 11.1.1.6.

For the most part this is just a bug fix release for us. But there are a couple of enhancements I would like to share.

Oracle Virtual Directory

The biggest enhancement I would highlight is that we have dramatically simplified configuring OVD for Enterprise User Security (EUS). EUS has been something that has always worked but required executing lots of individual steps. We now have this set up as a wizard, and OVD's own Local Store Adapter holds most of the meta-data. So less work on the enterprise LDAP and fewer steps. It should mean initial EUS configuration by most people can now be done in less than a day.

Directory Integration Platform

DIP has been part of Oracle for over a decade but until 11.1.1.6 it required OID. Now it can be used with DSEE or OUD as its metadata store. This now means that if you want to deploy DSEE or OUD but need to synchronize groups & users from AD - you can do it without needing any type of custom code or bringing in a full provisioning product.
