Oracle Unveils Access Management Suite

Oracle has unveiled the Oracle Access Management Suite, which it says will help businesses comply with Section 114 of the Fair and Accurate Transactions Act (FACTA), better known as the Red Flag Rules. This becomes law November 1, and applies to any company that extends or deals with credit, from auto dealers to banks and financial institutions to retailers.

Businesses to which the Red Flag Rules apply must create written plans to detect and respond to suspicious transaction patterns that might indicate identity theft. The plans have to be updated to keep pace with changing trends in financial crime.

Detecting and responding to suspicious transaction patterns will require access control, policy management and a means of identity confirmation, all of which are provided in the Oracle Access Management Suite.

The suite, certified to work with applications from both Oracle (NASDAQ: ORCL) and other vendors, includes the new Oracle Entitlements Server, which is the BEA AquaLogic Enterprise Server reborn. Oracle bought BEA in January for $8.5 billion.

“Concerns about fraudulent charges due to identity theft are forcing companies to adopt better authentication technology, and risk based authentication with identity proofing is one piece of the solution,” Amit Jasuja, vice president of Oracle Identity Management, told “The other piece is to have one single identity so you can log in once and access all your applications, whether they’re internal or external to your company.”

The Oracle Access Management Suite offers standards-based single sign-on and identity federation, strong authentication and authorization management, and real-time proactive fraud prevention.

By doing so, it improves security for Web-based applications, an area that’s becoming increasingly important for two reasons: enterprises are increasingly moving applications to the Web; and the latest credit card security standards, PCI-DSS 6.6, require that businesses put a Web application firewall on all customer-facing applications.

Authorization control is a critical part of compliance, and the Oracle Entitlements Server provides fine-grained authorization capabilities that prevent users from accessing or looking at documents they are not entitled to. “If, for example, I’m a cardiologist and I have a relationship with a patient; authorization control lets me only access the patient’s cardiogram output but not, say, a biopsy report,” Jasuja explained.

The Oracle Entitlements Server integrates with Oracle Fusion Middleware. Fusion “gives an architectural framework for integrating entitlement into applications and is a strategic move for Oracle as the market leader in this space,” Scott Crawford, research director at Enterprise Management Associates (EMA), told

Enterprises using Web application firewall point solutions can roll them up into the Oracle Management Suite. “Our strategy is one of peaceful coexistence,” Jasuja said. “We love everybody.” The suite “interoperates with all the different infrastructures you may have.”

For example, it layers on top of Microsoft Active Directory with native integration, and has a native plug-in for Windows SharePoint Server. “We’re hot pluggable,” Jasuja said, evoking an Oracle buzzword, and adding that Oracle is “committed to openness and interoperability.”

News Around the Web