Applied Oracle Security: Developing Secure Database and Middleware Environments - P44

Computer security is a field of study that continues to undergo significant changes at an extremely fast pace. As a result of research combined with increases in computing capacity, computer security has reached what many consider to be “early adulthood.” From advances in encryption and encryption devices to identity management and enterprise auditing, the computer security field is as vast and complex as it is sophisticated and powerful.

Part III Identity Management

CHAPTER 10 Oracle Directory Services

This chapter focuses on Oracle's approach to solving the challenge of providing a fast, reliable, and scalable repository for storing, organizing, and retrieving identity and access information. Oracle's directory strategy relies on the Lightweight Directory Access Protocol (LDAP) standard as the primary interface for exchanging and managing the directory data. The original point of creating the LDAP server was to have an information repository highly optimized for reading data. While Oracle has certainly made its LDAP servers much more capable of handling large read-write transaction volumes, optimized reads continue to be the basic driver for using an LDAP server.

Oracle offers two directory products, Oracle Internet Directory (OID) and Oracle Virtual Directory (OVD), that represent two unique but complementary solutions for managing and exchanging identity and access information via LDAP. In this chapter, we will review these products from the perspective of managing, storing, organizing, and retrieving identity data. Instead of being too focused on the LDAP standard or generic directory design, we focus on how to apply these Oracle products to solve common challenges in this space.
Identity Management and the LDAP Directory

The user directory is a bedrock entity of identity management for storing, managing, organizing, and sharing identity information with applications where those identities are access controlled. LDAP has become the de facto standard in interacting with directory data and is therefore a core part of any identity management product strategy, including that of Oracle. While LDAP provides a standard information access interface and protocol, identity management faces a major issue with the proliferation of directory systems of different types, different data models, and different naming conventions. For example, it is common to see Active Directory being used for the .