Oracle launches new security strategy and software

This morning, Oracle rolled out an ambitious strategy aimed at achieving more consistent security in large organizations, along with the first four software components of its new "Service-Oriented Security" architecture.

But given all of Oracle's software acquisitions in recent years, how well will the new security model support Oracle's entire customer base?

Essentially, the new architecture is designed to replace hard-coded security features in individual applications with reusable Web services, officials said in making the announcement at the RSA Conference in Redwood Shores, CA. It also adds role management technology -- garnered through Oracle's buyout of Bridgestream last fall -- to Oracle's existing offerings in access management and user provisioning.

Still in beta testing is an administrative component of Service-Oriented Security, known as Oracle Fine Grained Authorization.

Three other components are already in general release: Oracle Role Manager, for deploying role-based access control, provisioning and approvals; Oracle Application Access Controls Governor 8.0, for access control monitoring; and the first open source component of the new Identity Governance Framework.

Oracle developed the development framework component together with the Liberty Alliance, an industry group working on interoperable identity standards.

Today's security launch by Oracle follows the announcement last week of Oracle Authentication Services for Operating Systems. Like Role Manager, for example, Oracle Authentication Services for OS is an offering within Oracle Identity Management.

Oracle Identity Management, in turn, is a component of Oracle's Fusion Middleware, said Roger Sullivan, VP of business development for Oracle's identity management products.

But Oracle's Fusion is quite a different animal from the middleware inherited through Oracle's recent acquisition of BEA Systems.

Authentication Services for OS is "software that centralizes user management and authentication across major Linux and Unix flavors," Sullivan wrote in a recent blog entry.

Meanwhile, though, many BEA customers had been using tools such as JRockit to run BEA's WebLogic middleware on Microsoft Windows servers.

Also at this week's RSA Conference, Oracle announced enhancements to its Web services-based Enterprise Manager product that include new plug-ins for Microsoft Exchange; Sybase Adaptive Server; VMware ESX; Apache Tomcat; SAP Applications; and EMC Clariion CS.