Technology

Launch Webcast Q & A Identity Management 11g R2

Posted by: on Jul 22, 2012 | No Comments

If you joined our webcast, hope you found it informative. Below we have embedded a copy of the launch webcast slides. We answered most of the questions during the webcast; however, there were a few we missed. We have captured the answers to all of the questions below. If you missed the webcast and would like a chance to meet in person, we will be hosting physical events and demonstrating the products live. The physical events will allow you to connect with product managers and members of our engineering team in person. 

  • Los Angeles August 28th 8:30 -1:00 PM 
  • Washington DC September 5th 8:30 -1:00 PM
  • New York September 6th 8:30 - 1:00pm ( Registration page coming soon)
  • Chicago September 6th 8:30 - 1:00pm ( Registration page coming soon)
  • Toronto September 12th 8:30 - 1:00pm ( Registration page coming soon)
  • Montreal September 13th 8:30 - 1:00pm ( Registration page coming soon)

Identity management11gr2launch finalv2 from OracleIDM

Q: Are OIM & OIA better integrated in 11g R2 ?
A: Yes, in R2 OIA and OIM share a common data model

Q: Is multi-tenancy part of 11g R2 ?
A: Many of the components are being used in multi-tenant environments, but multi-tenancy isn't a key capability that we're announcing with this release.

Q: Has the BPEL workflow engine changed? Can your have approval workflows run in parallel ?
A: We have direct integration with SOA in this release, so you can take much better of advantage of the ability to include attachments, etc... in approvals.

Q: Can you install and run more than one JDE connector? We have multiple versions of JDE in our environment.
A: We have not upgraded the JDE connector in this release, so while you can have multiple instances of JDE connector, the version/client libraries need to be the same. We have a new version of the connector planned that uses a new connector framework that will support multiple concurrent versions.

Q: Where can we locate the release notes and documentation for migration ?
A:The full set of documentation will be available on the main Oracle doc site (docs.oracle.com) once the software is live. This includes release notes and migration/upgrade docs.

Q: What are the future of OpenSSO? It is a nice open-source software, will it be in fusion?
A: OpenSSO will be converged into the broader Oracle Access Manager solutions

Q:Are oblix 7 and oam 10g the same product?
A: Similar. The Oblix products were enhanced to leverage the Fusion Middleware stack and offer broader capabilities in Oracle Access Manager

Q: Does OAM 11gR2 Webgate support IIS and Apache web servers?
A: This is still the case.

Q: I learned as part of the program is, To implement SSO between OAM 10g and 11g environment, It required both of the environments in different cookie domain. That makes migration difficult. Can we address this?
A: We will be handling this soon. 

Q: Can request based provisioning be configured to digitally sign requests and / or approvals? If so, is the digital signature technology used either FIPS 140-2 compliant or DoD Joint Interoperability Test Command PKE Interoperability Certification?
A: Yes. This is a very specific use case work out the details with the PS team.

Q: With the UI customization, can you add or remove tabs/hyperlinks for one set of users but not for another?
A: Yes, using standard JSF standards based EL expressions, customizations can be done such that they are effective for one set of users and not a different set. It is something that can be done for all kind of customizations.

Q: Are OAM 11.1.1.5 cookies and Oblix 7 cookies the same? Are the OAM 11gR2 cookies and Oblix 7 cookies the same?
A: Cookies OAM 11g (11.1.1.5 / 11.1.2.0) vs Oblix 7 work differently. OAM 11g uses a combination of host cookies or domain cookies (depending on the version of Webgate you use), a server cookie, and an in-memory session store (based on Oracle Coherence technology) to maintain and correlate user session information.

Q: When requesting new access/entitlements, is their an approval process?
A: Yes. We leverage SOA BPEL-based workflows for approvals

Q: So OAM 11gR2 supports only Oracle HTTP server and no other web server?
A: Yes. 

Q: how complex the is upgrade path from R1 11.1 .1.5 to this release?
A: We provide an in-place upgrade from 11.1.1.5 to 11gR2 and include all required steps in the Upgrade Guide.

Q: is that password randomly generated ?
A: Assuming this is about password that OPAM generates for checkin/checkout -- it is randomly generated by OPAM and the random generation complies with password policy

Q:Can you please cover the enhancements to Oracle Entitlements Server in R2?
A: Siva. We will not dive into OES enhancements on this session. Lets schedule a separate call to review our multi platform enhancements in OES.

Q:What is the integration plan of Oracle Waveset (Sun IDM)?
A: 11gR2 has a number of compelling, cost saving benefits. Coupling these benefits with our pragmatic, co-existence-based model, we are encouraging Waveset customers to work with us on a sensible upgrade path to the Oracle identity management platform.

Q: Is it now a complete ADF app or still a mix of ADF and Struts pages?
A: Identity Self Service and SysAdmin capabilities are now 100% ADF.

Q: Does this mean features/code of OpenSSO will be merged into Oracle Access Manager so that only Oracle AM will have ongoing development?
A: Yes that's correct.

Q: When will it be released?
A: It will be released in August.

Q: Is there service account still in OIM?
A: Yes, the service account feature in OIM is about ensuring that the lifecycle of service account is not linked to the user that has it, for example the service account is not deprovisioned at employee termination. OPAM serves different purpose. But over time, we will converge the 2 features in 1

Q: Has OIA been included in the comprehensive Oracle Identity Managment stack?
A: Architecturally, when we release OIM R2, OIA PS1 is integrated with its catalog features. However we have plans to now write all OIA features on the same data model and same UI/backend architecture. The work on the same is ongoing and we will be making announcements later on when the convergence will complete.

Q: Identity Management support what databases as back end ?
A: Oracle  

Q: Does it support mysql as well.
A: Not at this time. 

Q: is social sign-on a kind of federation
A: Yes. OAUTH/OpenID-based.

Q:Does OIM still restrict us to not provision Users to other systems like AD, Exchange before starting date in organization? Its is very common requirement now a days from clients. They want to provision Users well before starting date in AD.
A: No.. you can provision and disable before the start date the enable .

Q: So, does the new shopping card style implementation means the request template capability is not available now?
A: That is correct.

Q:what about the DOD Certification?
A: Believe the answer is yes, but this is coming from SOA/WebLogic.

Q: Is OAAM integrated with OAM in 11g R2?
A: Yes OAAM is integrated.

Q:Is the mobile SSO based on ESSO model?
A: No it's based on OAuth token.

Q: We have the complete IDM stack. When can I get my hands on an evaluation copy of 11gR2 IDM suite?
A: Work with the PM team and your sales rep. 

Q:What I am interested in knowing is if OAM has OAAM capabilities in 11g R2 or if they are 2 separate products that need to be integrated. 
A:From the infrastructure perspective, OAM and OAAM are still installed / configured separately. Convergence of these products is planned for later releases. However, we do have an out of the box / tighter integration between OAM and OAAM in R2.

Q:Anything new on UNIX shell login and Oracle DB logins?
A: As in externalizing end-user authentications from Unix/Oracle to IDM or in the context of privileged accounts?

Q: Can it be configured to use a 3rd party token?
A: It can be interoperable with a  third party token.

Q: It is simple to upgrade from Identity Management 11g R1?
A: The details will be posted in August with the release.

Q: Is the 250M users and 3K Auth/Second is supported by single OAM server ?
A: Yes. This is for a single node of OAM. We'll have a detailed whitepaper published soon.

Q: Is OAuth support is as Identity Provider or Consumer ?
A: It supports both.

Q: When will 11gR2 be available for download?
A: August  

Q:what is OAuth token?
A: Background on Oauth check the wikipedia entry. http://en.wikipedia.org/wiki/OAuth

Q:Does Access 11gR2 provides upgrade path from OAM10.1.4.3
A: Yes the instructions will be provided on OTN in release. 

Q: But OAAM still a separate component?
A: Yes, it's a separately installed service from OAM.

Q: Is OIA integrated with OIM in 11gR2?
A: OIA has been integrated with OIM since the R1 release. 

Q:does OAAM integrate well with OIM replace /suffix the authentication into OIM ?
A: Yes this is a use case that would work. 

Q:Is Fraud Management derived from OAAM? Are they the same thing?
A: Yes  

Q:Will OIM and OIA also be more tightly integrated? Or will the continue to be stand-alone products?
A:They are tight integrated today and will continue to be more tightly integrated. 

Q: Does the UI customization features using WC, also allows MObile app UI development too?
A: Yes a mobile component with ship with R2 allowing mobile apps to be developed.

Q: When is 11g R2 planned to be released ?
A: August  

Q: Will OIA continue to be a seperate product or is is now partof OIM?
A:For now, it is separate, but we are already working on an offering that has all OIM and OIA features on a common UI architecture, common data model and common support for connected and disconnected resources. You will see us making more announcements in this area later.

Q:What components do we need to create apps on Mobile for SSO ?
A:Access Management Suite includes the mobile server components as well as a client SDK that can be used in native apps.

Q: Where does Enterprise Gateway stand ?
A: Enterprise gateway is still a separate component.

Q:Can all the OIM configurations be done through web UI in R2 or do we have to still use java applet (xlclient) for some?
A: All of the new UI customizations can use the web UI. 

Q: Can the entitlement shopping cart list be filtered based on the identity of the "customer" doing the shopping? Thanks.
A: To some degree yes.  

Q: Some of us want to use OIM purely for password mgmt capabilities without the workflow features. Does R2 offer anything here.
A: Yes

Q: Can OAM R2 support case insensitive resource type. Its about MS IIS.
A: We do not support this functionality at this time but we are looking at how to support it in future releases.

Q: So OAM 11.1.1.5 does not support OpenSSO?
A: No it does not

Q: What is Oracle's strategy to migrate customers running on OAM and OIF separately today without support for OAuth, etc
A:The migration will be in the release in August 

Q:Can Oracle Beehive components be authenticated with Idm 11g R2
A: Yes using OAM for Web SSO. Oracle does this in house today.

Q: Is this slide presentation available ?
A: It is embedded in the blog 

Q:Since it was not specifically mentioned, where does the Sun Directory (DSEE) fit into this framework solution?
A: Sun DSEE is part of the ODS+ suite  

Q:We still need Design Console to config OIM?
A:The only one feature for which design console is still required is to do adapter config/integration in connected provisioning workflows. The use of it for all other features has been eliminated.

Q:Does 11gR2 support the virtual hardware?
A: It can be run in a VM 

Q: what all are the improvments from OIA integration perspective in 11gR2?
A: There are a few improvements like the SOA work-lists. The release notes will contain the details  

Q: Which version of SOA BPEL is certified for 11gR2?
A: The version that ships in Fusion Middleware 11g

Q: How 11gR2 integrate with MS SharePoint?
A: OES supports share point and  Share point can be a provisioning target.

Q: How many out of the box connectors available for 11gR2?
A: All of our existing connectors are certified with R2.

Q:we are in the midst of development of two level approval workflows for over 200 application roles in JDE 9.0 how easy will the conversion be when we upgrade? What things do we need to consider as we move forward with our development work?
A:The approval architecture has not changed between R1 and R2. While I do not know specifics of your implementation, generally speaking, no changes should be required.

Q: Does OAM11gR2 provide any capability towards securing websevices along with standard web application?
A: Securing Webservices has always been part of the Identity suite there are no new SOA security components

Q: DSEE vs OUD as an offering.
A: For high scale new deployments OUD is the recommended path. 

Q:What is OAAM?
A: OAAM stands for Oracle Adaptive Access Manager 

Q: Is OIM compatable to run on WebSphere ?
A:Currently it runs on WebLogic only. You will see us making WebSphere certification planning announcements in the coming months.

Q:any more updates on OIA, any plans for direct connectors for pulling off the data
A:Not in R2, but this is getting addressed soon as part of our convergence plan. Stay tuned for more updates from us.

Q:We are currently evaluating Tivoli. Can you talk about how does new version compare with Tivoli?
A: Simpler to use and configure. In addition, OIM has more connectors OOTB. 

Q:Earlier it was said that OAAM is now integrated into OAM, but then just said OAAM is still a separate component. Can you clarify please?
A: Integrated so that the context information is available. They are still separate components.

Q:Is licensing for 11g OAM included with licensing for current EBS implementation (assuming OAM is used only for EBS authentication) or is additional licensing required?
A: The licensing with EBS is limited to EBS. 

Q: Are there labs available ?
A: The website will contain the latest content .. training content will follow shortly. 

Q:When can we expect OIM to be compatible with other Application servers?
A: Websphere certification will follow after the R2 release. 

Q:When will developer level documentation (developer guide for OIM etc.) for R2 become available for general access ?
A:In August. 

Q:what components of OIA are now merged and available in OIM 11gr2?
A:Nothing has merged in OIM R2. The only change to integration is that the OIM catalog becomes authoritative for business context - glossary definition, risk score etc so that customers define it once and use it consistently in request, approval, provisioning and cert. Stay tuned for more updates in coming months on OIM OIA convergence.

Q:When OIA will be totally integrated with OIM (single db)? Moreover will this integration mean that OIA (former Sun product) technology will be substituted by Oracle Role Manager technology? Will the two technology be compatible?
A:As part of SUN acquisition strategy, we announced that ORM is no longer strategic. OIA continues to be our strategic product for compliance features. OIM and OIA are integrated out of box, and over time we are converging them on common data model and common architecture. This work will continue post R2.

Q:Is a certification matrix available for 11gR2 (for planning purposes) ?
A:  We have the certification matrix ready and we'll make it available at the same time R2 is released. The R2 certification matrix will be published here: http://www.oracle.com/technetwork/middleware/ias/downloads/fusion-certification-100350.html

Q:OAM, OAAM, OIF, OESSO, OEG, Social and Mobile, all the features can be installed just by installing one OAM?
A:OAM, OIF, OAAM, and Mobile and Social can all be installed from a single install session. OESSO is separately installed.

Q:Both ODSEE and OID are directory products; does Oracle plan to consolidate it directory product with either ODSEE or OID?
A:ODSEE, OUD, and OID all continue to be developed. We have many ODSEE customers that are upgrading to OUD, but there we continue to support all three actively as they tend to be attractive to different parts of our customer base.

Q:Do you have any clear upgrade path for OAM 10g customers, particularly on the obsolete Identity System/IDXML in 10g?
A:Our plan for IDXML is to provide a bridge from IDXML to OIM so that you are not required to rewrite the entire UI based on IDXML, but it is not part of R2 release. It is something that we are looking to address on roadmap.

Q: Is there an upgrade path available from OAM10gR3 to 11gR2?
A: yes 

Q:Is upgrade the only option for customers that needs OAuth support in OAM?
A:Mobile and Social features are available in R2 and can run alongside of OAM 11g R1. The benefit of upgrading to R2 is that you can have OAM plus mobile/social in the same container.

Q:Does the IdM suite have the built-in two factor authentication component/feature?
A:Oracle Adaptive Access Manager offers risk-based authentication, multi-channel authentication, and other features that strengthen authentication. OAM also supports authentication through tokens and other strong authentication methods, but tokens & PKI features are not part of the suite and must be acquired separately.

Q:is OIC (Oracle Identity Connect) part of this 11g R2 release?
A:Yes. We now refer to that functionality as "Mobile and Social" and it is a part of Oracle Access Management.

Q:Can you tell us a little bit more about ESSO/OAM integration in R2? Any particular features?
A:User authentication to eSSO (via machine logon) will start an OAM session to give user uninterrupted single sign-on to web and client server/host-based applications.

Q:How difficult is upgrading from Opensso 8.0
A:We have a co-existence model whereby OAM can leverage OpenSSO Agents to simplify the upgrade process

Q:What are the Hardware requirements for Oracle Identity Manager 11g R2?
A: Will ne listed in the release notes on OTN in August 

Q:Is BPEL our only option?
A: yes