Will the real Oracle Identity Management please stand up (part II)

by Deborah Volk on March 29th, 2009

Read Part I

How does a company compete in a market dominated by incumbents? The MBA case studies written on this topic weigh in at hefty poundage, more than enough to cause deforestation of the entire Amazon flora. Oracle, faced with the onslaught of WebLogic and WebSphere, employed a classic "divide and conquer" strategy. On one side, OAS was either heavily discounted or thrown in for free to seed the market. On the other side of this equation, OAS was tightly coupled to Oracle's products, causing a drag-through or coattails effect. If a customer bought a product that was just a few steps away from the database in architectural terms, this product probably required OAS (which required OID, which required the database). From a customer's perspective, this coupling could translate to either a positive (look, ma, integrated stack!) or a negative (look, ma, one more pile of hardware in my datacenter).

Oracle Applications (now e-Business Suite) was and remains, well, the Oracle application, but Oracle has other apps too. Oracle's customers wanted single sign-on (SSO) across Oracle's apps, and while Oracle integrated with leading SSO vendors of the day such as Netegrity and Oblix, the divide and conquer strategy for OAS was still in effect. As point solutions for functional silos (single sign-on, provisioning, etc.) bubbled up and became part of the broader identity and access management market, Oracle's marketing machine took note and Oracle Identity Management was born.

Oracle's acquisition spree of identity and access management companies and expansion of Fusion was yet to come, so this was Oracle's response to customer demand and to some extent competition from bigger players such as IBM. OAS (OracleAS in the diagram above) is the bundle of J2EE app server (OC4J) and web server (OHS), LDAP directory is Oracle Internet Directory (NOT any 3rd party LDAP-compliant directory) and OAS certificate authority is a holdover from the times when PKI was sexy. Directory Integration is a set of tools that allow for synchronization of data to/from OID and other directories. Delegated Administration Services is an interface for managing data in OID via self-service or a lightweight delegation model. Provisioning service is an interesting example of what Oracle thought of provisioning back then. Like the rest of the Identity Management services in this "stack", Provisioning service revolved around getting the data to/from OID:

Viewed in these directory-flavored and data-oriented terms, Oracle Identity Management closely resembles a set of services commonly found in a metadirectory. This is all peaches and cream, but where is OAS in all of this? That's where Oracle Single Sign-On comes into play. The first diagram calls it OracleAS Single Sign-On, but you'll find just as many references to Oracle Single Sign-On (OSSO).

The genius of Oracle's marketing (and I really do mean it with respect) was to create a single sign-on "product" out of nothing. To quote Oracle documentation: "The single sign-on server consists of program logic in the OracleAS database, Oracle HTTP Server, and OC4J server". Whoomp! There it is. There's no separate single sign-on product, it's just integration and glue.

Posted in (Legacy) Oracle Identity Management, Oracle Internet Directory, Access Management    Tagged with oas, ohs, oc4j, oid, osso

