Oracle Announces Open Initiative to Help Organizations Govern Identity Information Across Enterprise Applications

CA, Novell, Ping Identity, Securent and Sun Microsystems Join Initiative and Support Draft Framework

REDWOOD SHORES, Calif., 29-NOV-2006 05:15 AM Oracle today announced an open initiative, the Identity Governance Framework (IGF), designed to help organizations better govern and protect sensitive identity-related employee, customer and partner information as it flows across heterogeneous applications. Leading identity vendors including CA, Novell, Ping Identity, Securent and Sun Microsystems, Inc. have reviewed a draft of the Framework and plan to work with Oracle to develop full specifications. With today’s announcement, Oracle is also inviting additional vendors and customers to review and contribute to the key draft specifications.

Organizations today are struggling to balance the need to meet regulatory mandates and secure personal information while maintaining streamlined business processes. As a consequence, identity-related data is often embedded in numerous applications across an organization, making it prone to inconsistencies, placing information at risk and triggering privacy violations. IGF will uniquely address this problem and establish a standard way of defining enterprise-level policies for organizations to share sensitive personal information securely and confidently between applications and diverse identity sources while helping ensure security and privacy. With the IGF, organizations can more easily determine and control how identity information - including Personally Identifiable Information, access entitlements and personal attributes - is used, stored, and propagated across diverse systems, helping ensure the information is easily auditable and not abused, compromised or misplaced.

“Historically, enterprise architects and developers have struggled with the challenge of seamlessly integrating identity services with business applications - a situation that is further compounded by contemporary regulatory and compliance pressures,” said Gerry Gebel, vice president and service director at Burton Group. “Efforts, such as the Identity Governance Framework, can help bring order to unsystematic environments or approaches by addressing areas not covered in other identity and security standards.”

The IGF provides a standard mechanism for organizations to establish “contracts” between their applications and sources of identity data. The four key components of the Identity Governance Framework that vendors and customers can currently review include:
* Client Attribute Requirement Markup Language (CARML) - an XML-based declarative contract defined by application developers that informs deployment managers and service providers about the attribute usage requirements of an application;
* Attribute Authority Policy Markup Language (AAPML) - a set of policy rules regarding the use of identity-related information from an identity source that allow these sources to specify constraints on use of provided data by consuming applications;
* CARML API - an Application Programming Interface that makes it easier for developers to write applications that consume and use identity-related data in a way that conforms to policies set around the use of such information; and
* Identity Service - a policy-secured service for accessing identity-related data from multiple identity sources.

“As a provider of business and infrastructure applications, Oracle understands the challenges our customers face when trying to manage and secure identity-related information that is often scattered across their entire infrastructure and recognizes the increasing importance of establishing auditable policies pertaining to that information,” said Hasan Rizvi, vice president, Identity Management and Security products, Oracle. “By creating the Identity Governance Framework we are helping organizations overcome this challenge and gain complete visibility into how identity information is stored and used in their systems.”

Industry Support of the Identity Governance Framework
Key vendors in the identity management market support the IGF and plan to help further develop the specifications that will be submitted to a recognized global standards setting organization in the future. Oracle, CA, Novell, Ping Identity, Securent and Sun Microsystems are expected to be joined by other technology companies who also plan to contribute to the initiative. Customers are expected to benefit from a common industry standard by being able to share sensitive identity-related data more easily across their heterogeneous IT environment and know where it is, how it’s being used and by whom.

“CA is supporting the Identity Governance Framework to help customers more easily protect personal data across their disparate systems and applications,” said Vadim Lander, vice president and chief architect, Security Management at CA. “We look forward to working with Oracle and others to develop practical, adaptable XML-based specifications that simplify the creation, enforcement and management of identity security policies.”

“Novell is committed to working with Oracle and other leaders in the identity management market in the development of an open framework that will facilitate developers’ efforts to better identity-enable applications and services independent of the underlying identity infrastructure,” said Nick Nikols, vice president, Product Management Identity and Security Novell, Inc. “This commitment goes hand in hand with our existing participation and contributions to the Higgins and Bandit projects.”

“The Identity Governance Frame work is a much needed addition to the identity management industry,” said Patrick Harding, CTO, Ping Identity. “The Framework, as an extension of Federated Identity Management, will allow our customers to better maintain the privacy of their user information and to have finer-grained control over the release of that information to their business partners.”

“Secure access to sensitive identity-related information including HR information, location/presence information, customer information, etc. is increasingly critical for businesses,” said Sekhar Sarukkai, Founder and CTO of Securent Inc. “As the leading XACML-based entitlement management vendor, Securent is in the forefront of deploying policy-driven authorization solutions across heterogeneous environments and is happy to contribute its experiences to the creation of the Identity Governance Framework in order to enable an open-standards-based, declarative, mechanism to securely publish, and consume, identity related information.”

“The direction which the Identity Governance Framework is heading is positive,” said Don Bowen, director of Identity Integration for Sun Microsystems, Inc. “Sun supports its submission to a standards body and thinks the Liberty Alliance may be best, as it is a natural and essential evolution of the work already done within that organization.”

To learn more about the Identity Governance Framework and to review the specifications, visit http://www.oracle.com/goto/igf.

About Oracle
Oracle (NasdaqGS: ORCL) is the world’s largest enterprise software company. For more information about Oracle, visit our Web site at http://www.oracle.com.

# # #

Trademarks
Oracle, JD Edwards, PeopleSoft, and Siebel are registered trademarks of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners.

Contact Information

Rebecca Hahn

Oracle

Contact via E-mail