Figure 41-2 illustrates the functional architecture of Identity Context in terms of the Oracle products that make it up. As the figure shows, context-aware security policy management is achieved by leveraging the Oracle Access Management platform.
These changes allow access by a greater number of users, from a wider range of device types.
To compensate for the additional risk associated with the greater number of users, the underlying security models used for access management have evolved from a silo-based implementation to a more dynamic one in which identity and risk data is shared across components of the entire application delivery process.
Each application delivery component has its own security policy infrastructure responsible for protecting its individual slice of the application.
This specific use case involves the end user device, a Web Server running static GUI pages, an Application Server running the Portal Server rendering dynamic content, a Service Bus Server exposing the Web service endpoint, a database server containing transactional data, and an LDAP server containing identity profile data.
This platform contains native support for working with and enforcing Identity Context attributes (including risk score, trusted device data, authentication data, and the like) without changing end-user applications.
The Oracle Access Management platform enables Identity Context data to be collected, propagated across the involved components (as shown in Figure 41-2), and made available for granting or denying authorization to access protected resources.
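The following added example (illustrative code, not Oracle's Identity Context API) models the flow just described: attributes such as risk score, trusted-device status and authentication level are collected by the web and application tiers, carried along with the request, and evaluated against a resource policy at the protected endpoint. Attribute names, the 0-100 risk scale and the tier functions are assumptions made for the example; missing attributes cause the decision to fail closed.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple


@dataclass
class IdentityContext:
    """Attributes gathered along the delivery path (names are assumed)."""
    subject: str
    auth_level: int = 0                     # strength of authentication performed
    risk_score: Optional[int] = None        # assumed scale: 0 (low) .. 100 (high)
    trusted_device: Optional[bool] = None   # device registration/trust status
    provenance: Dict[str, str] = field(default_factory=dict)  # which tier added what


@dataclass(frozen=True)
class ResourcePolicy:
    """Context-aware requirements attached to one protected resource."""
    min_auth_level: int
    max_risk_score: int
    require_trusted_device: bool = False


def web_tier_enrich(ctx: IdentityContext, trusted_device: bool, risk_score: int) -> IdentityContext:
    """Web server (front door) records device trust and risk data for the request."""
    ctx.trusted_device = trusted_device
    ctx.risk_score = risk_score
    ctx.provenance["device"] = "web-server"
    return ctx


def app_tier_enrich(ctx: IdentityContext, auth_level: int) -> IdentityContext:
    """Application server records the authentication strength of the session."""
    ctx.auth_level = auth_level
    ctx.provenance["auth"] = "app-server"
    return ctx


def evaluate(ctx: IdentityContext, policy: ResourcePolicy) -> Tuple[bool, str]:
    """Policy decision at the protected endpoint; incomplete context is denied."""
    if ctx.risk_score is None or ctx.trusted_device is None:
        return False, "context incomplete"
    if ctx.auth_level < policy.min_auth_level:
        return False, "authentication level too low"
    if ctx.risk_score > policy.max_risk_score:
        return False, "risk score exceeds threshold"
    if policy.require_trusted_device and not ctx.trusted_device:
        return False, "untrusted device"
    return True, "allowed"


def deliver_request(subject: str, trusted_device: bool, risk_score: int,
                    auth_level: int, policy: ResourcePolicy) -> Tuple[bool, str]:
    """Propagate one context through both tiers, then decide at the endpoint."""
    ctx = app_tier_enrich(web_tier_enrich(IdentityContext(subject), trusted_device, risk_score), auth_level)
    return evaluate(ctx, policy)
```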
The ability of applications to leverage cloud services comes at the cost of having to account for the additional risk that stems from those services being silos in their own right.
With the number of threats to cloud deployments and mobile delivery channels growing steadily, the end-to-end application delivery process must implement the policy controls needed to deal with this wider range of threats.
This dynamic implementation relies on systems that offer Web single sign-on (SSO), fine-grained authorization, Web Services Security, Identity Federation and the like to aggregate security controls within a particular run-time deployment environment (web server or application server container) and provide policy-based security controls to manage access to application resources.