Oracle Extends Identity and SSO to Mobile Devices
With new features for enterprise mobile app developers, Oracle Identity Management 11g Release 2 enables the extension of authenticated access beyond the four walls of the organization.
In enterprise IT, identity is a cornerstone technology providing authorized access to employees in a manner that can be tracked for compliance. It's a role that Oracle's Identity Management portfolio has been providing for years for wired devices -- and is now being extended in the 11g R2 release to a new generation of mobile requirements ushered in by Bring-Your-Own-Device (BYOD) trends.
Amit Jasuja, vice president of development for Oracle's Identity Management and Security Products, explained to eSecurity Planetthat the new release takes care of a number of persistent mobile challenges.
One of those challenges is the issue of cached passwords on mobile devices. With many mobile apps, passwords are cached on the device, in an effort to make them easier to use. The risk is that if that password is not properly secured in the cache, the user identity could be at risk.
"Companies that are building apps have typically been rolling their own security solution for passwords on the mobile side," Jasuja said. "What we're doing is providing a layer on top of our web single sign-on that extends to mobile apps."
Jasuja added that the mobile apps also need a security client that provides proper procedures for password hashing protection. As part of the Oracle Identity Management 11g Release 2 update, there is a Software Development Kit (SDK) for mobile developers that provides the tools necessary to natively talk to the REST interfacesthat are available on the server side. REST is a web protocol that is used for the transport of data, including identity information.
Going a step further, the identity engine leverages the oAuthstandard to enable single sign-on across multiple mobile applications.
"We've had the single sign-on experience in the web world and now we're extending that to the mobile world," Jasuja said.
Social identity integration is also part of the identity release. Using the OpenID standard, Oracle can now also pass identity information to social sites as well web signups. The way that works is when user information needs to be submitted for a particular site, there is a dialog box that pops up asking for authorization. Once that authorization is given, the user information can be transferred to the third party site in a secured manner.
The Oracle Identity Management 11g Release 2 builds on the existing capabilties that the initial release of the platform first delivered.
"The whole message here is with Oracle Identity Management 11g Release 1, customers had a platform that provided basic capabilities around user provisioning and web single sign-on," Jasuja said. "Now we're taking those capabilities and extending them into the mobile, social, and cloud world."
While Oracle is extending identity to mobile devices, it is not delivering a full Mobile Device Management (MDM) experience.
"When you think about MDM and BYOD, we're not focusing on that as that's not our core market," Jasuja said. "Our focus is on companies that are building apps for their customers."
That said, Oracle's software does have the ability to identify a number of mobile characteristics that are sometimes associated with MDM technologies. For example, jail broken devices can be detected and whether or not there is a password policy for the device.
"We do have integration with device characteristics but it's not full MDM," Jasuja said "We are working with MDM vendors, to provide tighter integration in the future."
By Paul Rubens
April 09, 2012
Is your company prepared to manage the risks introduced by the BYOD (Bring Your Own Device) trend? Here's how to review and strengthen your organization's mobile security posture.