Having thrown its hat into identity management with the acquisition of Oblix earlier this year, Oracle Corp has now made two acquisitions in provisioning and virtualization, to narrow the gap with IBM Corp and Computer Associates International Inc.
Compliance is driving investment in ID management, said Hasan Rizvi, vice president of identity management and security development, explaining Oracle’s ramping up of investment in the space this year.
One of the acquired companies is Thor Technologies Inc, a New York-based provider of identity provisioning software. Its product, Xellerate, which will retain the brand name under Oracle, performs the actual provisioning of user access.
By contrast, Oblix, which Oracle acquired last March, focuses more on identity management for web applications, and does not have the enterprise scalability of Thor.
The other acquisition, OctetString Inc, provides a meta-directory that links and converges multiple directories and other sources of end user information that may reside at OS or application levels.
Although this sounds like a federated identity tool, Oracle terms it virtualized identity, because of Octet’s approach that provides a middle integration layer redolent of EAI hubs. It performs a function similar to IBM’s Tivoli Directory Integrator or Sun’s Federation Manager.
Like Oracle’s Fusion middleware, both Thor and Octet products are based on J2EE (Java EE) platforms. Because both companies are private, Oracle is closing the acquisitions immediately.
The challenge of course is to unify all the sign-ons necessary for logging on to corporate systems, specific applications, email and calendaring systems, and databases that typically maintained their own separate directories.
In comparing Oracle’s identity management approach to its rivals, Wynn White, senior director for Oracle identity management and security marketing said Oracle was more focused at applications, rather than system administrator level.
There have been two approaches to identity management, he explained. You could either force the business application to fit with the existing infrastructure that the company has in place, or look at synchronizing the way different systems map authorizations.
For instance, while the acquired Thor technology relies on external adapters akin to those used by EAI systems, products such as Tivoli access Manager rely on agents that sit on source systems.
Although Oracle plans to continue pushing development of the Oasis SPML (Services Provisioning Markup Language) standard, for the foreseeable future, it doesn’t consider it mature enough to replace the need for proprietary adapters.
Thor says it has adapters to over 30 systems. Some of them include Oracle applications; Siebel; Lotus Notes; Microsoft Exchange, directories from CA, Novell; access control systems such as IBM’s RACF and CA’s Top Secret. Additionally, with the acquisition, the former Thor unit plans to complete the process of getting its connector certified for SAP.
According to John Aisien, formerly head of Thor and now vice president of identity management and security business development for Oracle, the company already has SAP customers and expects to continue supporting them.
Oracle plans to retain the entire sales, marketing, and product engineering teams from both acquired companies. It’s consistent with Oracle’s recent ramp up of identity management following the Oblix acquisition, where it added to the Oblix management team and doubled the identity products sales force.
The products, branded Oracle Xellerate Identity Provisioning and Oracle Virtual Directory, are available immediately as part of Oracle’s Fusion middleware.