Oracle Entitlements Server enables the end users to bring their security logic out of the main application. It helps the architects of various applications just worry about where security is needed and not how they need to implement that security logic.
Legacy Applications have security logic embedded deep into their code. Any change to the security logic demands a major overhaul in the entire code and subsequently retesting, re deployment, audits etc. This is where the entitlements products score. They take the entire security issue out of your application and implement it themselves, as a wrapper layer over you app.
OES can easily integrate with existing security and provisioning products, hence all the millions spent on earlier security implementations do not go in vain.
Here is example on how OES can simplify your life- A banking application has multiple users:
Customer (a person holding account in bank),Clerks, Tellers, Accountants etc.
Now say the customer(say A) wishes to transfer some amount (say x$) to another account (say B). There is certain limit that that the customer A can transfer in a day. Lets set this limit to y$. Now any application will have the following code to evaluate if the money can be transferred.
if (A == Customer) && (x <= y) { allow money transfer } else {deny }
Say tomorrow the Customer group is renamed or you need to add another constraint, like A should have B as a beneficiary in his account to transfer money, that will require code change. Now OES comes into picture. With OES all the above code is replaced by
if (isAccessAllowed(A, B, x, y)) { allow money transfer } else {deny }
And on OES side you make a simple policy :
GRANT {moneyTransfer, A/B, if (x <= y && A == Customer) }
The above statement is a policy and this policy is evaluated every time an isAccessAllowed() call is made. Any change to the security logic requires change in just the above policy without touching the app code.
I hope this helps in understanding how OES can ease your life when it comes to security.
Subscribe to:
Post Comments (Atom)
good... :)nxt post awaited..
ReplyDelete