con8817 api management - enable your infrastructure for secure mobile and cloud use - final

Copyright © 2012, Oracle and/or its affiliates. All rights reserved.

Upload: oracleidm

Post on 16-Apr-2017


Page 1: Con8817   api management - enable your infrastructure for secure mobile and cloud use - final


Page 2: Con8817   api management - enable your infrastructure for secure mobile and cloud use - final

API Management: Enable Your Infrastructure for Secure Mobile and Cloud Use

Sid Mishra

Sr. Principal Product Manager

Page 3: Con8817   api management - enable your infrastructure for secure mobile and cloud use - final


The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.

Page 4: Con8817   api management - enable your infrastructure for secure mobile and cloud use - final


Program Agenda

API Security and Management Challenges

Access Control for SOA & Cloud Services

Page 5: Con8817   api management - enable your infrastructure for secure mobile and cloud use - final


Market Trend: New Challenges of a Modern Enterprise

Rebirth and Proliferation of APIs has introduced a new dimension.

Publishing Internet APIs reliably is more important than ever.

Socializing and monetizing internal information

Mobile, Social and Cloud Access

Page 6: Con8817   api management - enable your infrastructure for secure mobile and cloud use - final


API Security Challenges

Cloud Security

Security Inside-Out

Perimeter Security

Middleware Security

Application Security

Security for hybrid infrastructure on-premise as well as in the Cloud.

Flexibility & Agility

Provide end-point security in heterogeneous environments.

Consistency & Manageability

Secure the Enterprise from external threats at the perimeter.

Control & Assurance

Protect from internal threats, reduce security burden on applications.

Broad & Deep integration

Page 7: Con8817   api management - enable your infrastructure for secure mobile and cloud use - final


Oracle Web Services and API Security

First Line Of Defense

Shared Services Layer

End Point Security

HTTP, SOAP, REST, XML, JMS

HTTP, SOAP, REST, XML, JMS

Service Bus

OWSM Agent

Extranet

Counter External Threat

DMZ

Intranet

Counter Internal Threats

WS-Security, Basic Auth, Digest, X509, UNT, SAML, Kerberos

Sign & Encrypt

* - Planned Capabilities

OWSM Agent

OWSM Agent

WS-Security, Basic Auth, Digest, X509, UNT, SAML, Kerberos

Sign & Encrypt

OES PDP

OAG

Page 8: Con8817   api management - enable your infrastructure for secure mobile and cloud use - final


Externalized Access Control

Corporate DMZ

Corporate Network

HTTP/REST/SOAP/OAuth Clients

Oracle Adaptive Access Manager

Mobile and Social

OAM Agent

SOAP/REST and Legacy Web Services

Remote Token Request

LDAP

Secondary Authentication

Oracle Access Manager

Directory Services

Oracle API Gateway

Web Services Manager

Service Bus

OES PDP

OES PDP

OES PDP

Page 9: Con8817   api management - enable your infrastructure for secure mobile and cloud use - final


Identity Context Service

Web Tier

WEB SSO

Application Tier

Application

Portal

Service Tier

Web Services

EJBs

Databases

Directories

Identity Federation

SOA

Service Bus

Risk / Adaptive Authentication

2. Publish, Propagate & Evaluate claims across Oracle Fusion Middleware stack

1. Collect Claims

Device Tier

Smartphone

Tablet

Laptop

Server

Enterprise / Work

Social / Life

Mobile / Presence

Context

Page 10: Con8817   api management - enable your infrastructure for secure mobile and cloud use - final


Oracle Business Transaction Monitor

API Key Management

11gR2 Certification

Parameterized Policies

Improved REST support with native JSON

Simplified Administration & Unified Admin Console

OAUTH 2.0 Client & Server

Oracle API Gateway

What’s New

Oracle Mobile & Social Access Management

Page 11: Con8817   api management - enable your infrastructure for secure mobile and cloud use - final


REST API Reference Architecture

SOAP/REST and Legacy Web Services

Service Bus

API Gateway

API Portal

API Clients

Developers

Protocols: HTTP, SOAP, REST, XML, JMS, FTP

REST

JWT

OAM, SM

Basic Auth, X.509

Security: WS-Security, Basic Auth, Digest, X509, UNT, SAML, Kerberos, Sign & Encrypt

Repository

1. Service Bus

Directly accessed by internal clients, provides:

• Routing, mediation, versioning - abstracts backend services from internal clients
• Heavy duty payload transformations
• Protocol translation for legacy apps

2. API Gateway

Exposes APIs to the external world, provides:

• API Key generation/validation
• Access enforcement
• OAUTH Server
• Rate Limiting / Client Throttling
• Response caching
• API virtualization in the DMZ
• Security token & protocol mediation
• Firewalling, method/parameter whitelisting
• API aggregation & mash-up
• API usage measurement & reporting

3. Repository

Provides:

• API catalog
• API dependency analysis
• API lifecycle management

4. API Portal

External developer portal, sits on top of API repository & API gateway - provides:

• Self service registration, onboarding
• “API marketplace”
• API documentation, forums, blogs, support
• API Key delivery
• API testing tools
• Visualization of runtime usage metrics / monitoring
• Billing

Page 12: Con8817   api management - enable your infrastructure for secure mobile and cloud use - final


To Summarize:

The enterprise web consists of APIs - driven by cloud and mobility

The security problems remain the same

• It’s still about DMZ Security, Access Control, Insider Threat

• Names have changed

Service Protection has a history of proprietary challenges

• Service abstraction and a standards based layer enables better security.

Entitlements based access control helps you respond to changes much quicker.

When you build APIs

• Build secure and managed APIs

Page 13: Con8817   api management - enable your infrastructure for secure mobile and cloud use - final


Join the Oracle IDM Community

oracle.com/identity

Twitter: twitter.com/OracleIDM

Facebook: facebook.com/OracleIDM

Blog: blogs.oracle.com/OracleIDM

Page 14: Con8817   api management - enable your infrastructure for secure mobile and cloud use - final


Questions?

Page 15: Con8817   api management - enable your infrastructure for secure mobile and cloud use - final


Don’t Miss These IDM Sessions

CON8837 Wednesday 09/25, 11:45AM Moscone West, Room 2018

Leverage Authorization to Monetize Content and Media Subscriptions

Roger Wigenstam, Oracle

CON8823 Wednesday 09/25, 5:00PM Moscone West, Room 2018

Access Management for the Internet of Things

Kanishk Mahajan, Oracle

CON8836 Thursday 09/26, 11:00AM Moscone West, Room 2018

Leveraging the Cloud to simplify your Identity Management implementation

Guru Shashikumar, Oracle

CON 4342 Thursday 09/26, 12:30PM Moscone West, Room 2018

Identity Services in the New GM IT GM

CON8902 Thursday, 09/26 2:00PM Marriott Marquis – Golden Gate C3

Developing Secure Mobile Applications

Mark Wilcox, Oracle

CON8826 Thursday, 09/26, 3:30PM Moscone West, Room 2018

Zero Capital Investment by leveraging Identity Management as a Service

Mike Neuenschwander, Oracle

Page 16: Con8817   api management - enable your infrastructure for secure mobile and cloud use - final

Oracle Fusion Middleware

Business Innovation Platform for the Enterprise and Cloud

Complete and Integrated

Best-in-class

Open standards

On-premise and Cloud

Foundation for Oracle Fusion Applications and Oracle Cloud

User Engagement

Identity Management

Business Process Management

Content Management

Business Intelligence

Service Integration Data Integration

Development Tools

Cloud Application Foundation

Enterprise Management

Web Social Mobile
