Oracle IDM at First National Bank
Securely Extend Applications to Mobile Devices: Developing a Mobile Architecture [CON7994]
An Oracle Open World 2014 Presentation
© FIRST NATIONAL BANK
Oracle IDM at First National Bank
• Several years ago, we recognized the need to replace our security offering and add needed feature sets. With Oracle’s Identity and Access Management platform we were able to do so.
• With the introduction of our mobile solutions in 2013, we recognized the need to enhance our customer experience by providing easier ways to login and view basic account details. With Oracle’s Mobile Social and Gateway additions we will be able to do so.
Oracle IDM at First National Bank
• Past, Current, Future Use of IDM
• Current, Future State of First National Bank Mobile App
• Architecture, Management and Challenges of Mobile Social and Gateway components for our First National Bank Mobile App
• Recap
Past Use (2012-2014)
• TriCipher Appliance Replacement
• Integrated into newly created and existing websites and mobile applications servicing our customer base
• SAML Single Sign-On for Rewards and Collections
• Challenged with product base configuration during rollouts, solved by leveraging Advanced Customer Support assessments
• Team familiarity with the Oracle IDM stack grew tremendously having to add in tuning, partitioning, archiving
• Design upgrade plan for our product base and begin build out
[Roadmap figure: 11g R1 (OAM, OAAM, OIM, OIF, OID, OVD) → 11g R2 (OAAM, newer OID/OVD, RAC, F5) → 11g R2 (OAM-Mobile, OAG) → 11g R2 (OAM-Web, OIF) → 11g R2 (Active Hot Standby Location)]
Past Install
• OAM, OAAM, OIM 11g R1 (IAM Suite)
• OIF, OID, OVD 11g R1 (IDM Suite)
• Oracle RDBMS
• OAM 10g WebGate (Web Server)
• Cisco Load Balancers
Current Use (2014)
• Continue design and build out of infrastructure for our planned IDM upgrades
• Purchase Mobile Social and OAG components of the IDM stack
• Design and build out infrastructure for our mobile implementation to allow passcode and quick balance capabilities within our Mobile application
• Upgrade OAAM, OID, OVD in production
• Continued leverage of Advanced Customer Support for upgraded installs, health assessments, and overall guidance
Current Install
• Upgraded
– OAAM 11g R2 PS2
– OVD, OID 11g R1 newer version
– Oracle RAC for upgraded components
– F5 Load Balancers for upgraded components
• Maintained
– OAM, OIM 11g R1 [limited use] (IAM Suite)
– OIF 11g R1 (IDM Suite)
– Oracle RDBMS
– OAM 10g WebGate (Web Server)
– Cisco Load Balancers
Future Use (2014-2015)
• Implement Mobile Social and Oracle API Gateway for use by our mobile application
• Implement passcode and quick balance in our mobile application
• Upgrade OIF, OAM, and OAM WebGates
• Build out Active/Hot Standby location
• Continued leverage of Advanced Customer Support for upgraded installs, health assessments, and overall guidance
Future Install
• Upgrade To
– OAM 11g R2 PS2
– OAG 11g R2 PS2
– OIF 11g R1 newer version
– Oracle RAC for upgraded components
– OAM 11g R2 PS2 WebGate (Web Server)
– F5 Load Balancers for upgraded components
First National Bank Mobile App
• Current State
– Custom built mobile application using REST Web Services
– XML to JSON API implementation for authentication and session management
• Future State
– Allow customer to login to native Mobile app on a registered device using passcode or password
– Allow customer to see balance and limited transaction history without logging in (quick balance)
– Leverage Oracle Access Manager Mobile Social, Oracle API Gateway, Oracle Adaptive Access Manager
– Use Aurionpro, Client Resources, Inc. and internal staff to assist with architecture, configuration, and coding efforts
– Possible use of OAuth, SOAP Services to RESTful Services, OTP for challenge question
First National Bank Mobile App - Login
First National Bank Mobile App - Enable Passcode and Quick Balance
First National Bank Mobile App - Set Passcode
First National Bank Mobile App - Passcode and Quick Balance Entry
First National Bank Mobile App - Quick Balance View
Mobile Social IDM Enhancements
• Mobile Social Architecture
• Passcode, Token, Device, User Management
• Password, Passcode, Quick Balance Interactions
• Challenges
• Please welcome, Rakesh Meena, Security Architect with Aurionpro
Mobile Social Architecture
Mobile Social Management
• Passcode & Quick Balance Management
– Alternative authentication method, managed by preferences
– First time setup requires password entry
– OVD attribute used for storage using SHA1 hash format
• Token Management
– OAM User Token
– OAM JWT Token
– Access Token
– Client Registration Handle Client Token
• Device Management
– KBA, Jail Broken, Lost/Stolen, Black List with OAAM
• User Management
– Handled by custom APIs with OID/OVD
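The passcode management bullets above say the passcode is an alternative credential whose first-time setup needs a password and whose value is stored on an OVD attribute in SHA1 hash format. The following is an added example, not code from First National Bank, Aurionpro or Oracle, that shows what that storage format looks like next to a salted and iterated alternative, and the server-side attempt limiting that a short numeric passcode depends on. The scheme label `{PBKDF2-SHA256}`, the record layout, the lockout threshold and the 4-digit length are assumptions; the deck does not state them.

```python
import base64
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Optional

# Constructed example: an LDAP-style hashed passcode attribute in the "{SHA}"
# format the deck mentions, a salted/iterated alternative, and the online
# attempt counter that bounds guessing of a short numeric passcode.
# Scheme name, record layout and thresholds are assumptions, not OVD/OAAM definitions.

MAX_FAILURES = 5           # assumed lockout threshold; an OAAM policy would own this value
PASSCODE_DIGITS = 4        # assumed passcode length, used for the keyspace calculation


def ldap_sha1_attr(passcode: str) -> str:
    """Unsalted SHA-1 in the LDAP '{SHA}' attribute format (the storage format named on the slide)."""
    digest = hashlib.sha1(passcode.encode("utf-8")).digest()
    return "{SHA}" + base64.b64encode(digest).decode("ascii")


def ldap_pbkdf2_attr(passcode: str, salt: Optional[bytes] = None, iterations: int = 200_000) -> str:
    """Salted, iterated alternative; '{PBKDF2-SHA256}iters$salt$hash' is an assumed layout."""
    salt = salt if salt is not None else os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", passcode.encode("utf-8"), salt, iterations)
    return "{PBKDF2-SHA256}%d$%s$%s" % (
        iterations,
        base64.b64encode(salt).decode("ascii"),
        base64.b64encode(dk).decode("ascii"),
    )


def verify_attr(stored: str, candidate: str) -> bool:
    """Recompute under the stored scheme and compare in constant time."""
    if stored.startswith("{SHA}"):
        return hmac.compare_digest(stored, ldap_sha1_attr(candidate))
    if stored.startswith("{PBKDF2-SHA256}"):
        iters, salt_b64, _ = stored[len("{PBKDF2-SHA256}"):].split("$")
        recomputed = ldap_pbkdf2_attr(candidate, base64.b64decode(salt_b64), int(iters))
        return hmac.compare_digest(stored, recomputed)
    raise ValueError("unknown hash scheme: " + stored[:16])


def offline_guesses_for_digits(n: int = PASSCODE_DIGITS) -> int:
    """Keyspace of an n-digit passcode: with an unsalted hash, one table covers every user."""
    return 10 ** n


@dataclass
class PasscodeRecord:
    attr: str                 # hashed passcode as stored on the user's directory entry
    failures: int = 0         # consecutive failed attempts
    locked: bool = False      # set after MAX_FAILURES; clearing it requires a password login


def enable_passcode(password_verified: bool, passcode: str) -> Optional[PasscodeRecord]:
    """First-time setup requires a successful password entry, as the slide states."""
    if not password_verified or not (passcode.isdigit() and len(passcode) == PASSCODE_DIGITS):
        return None
    return PasscodeRecord(attr=ldap_sha1_attr(passcode))


def passcode_login(rec: PasscodeRecord, candidate: str) -> bool:
    """Online check with lockout: the control that bounds guesses when the hash is unsalted."""
    if rec.locked:
        return False
    if verify_attr(rec.attr, candidate):
        rec.failures = 0
        return True
    rec.failures += 1
    if rec.failures >= MAX_FAILURES:
        rec.locked = True
    return False
```

The point of placing the two formats side by side: an unsalted SHA-1 of a 4-digit value has only 10,000 possible outputs, so the directory attribute itself offers no protection if it is ever read; what makes the design workable is that the passcode is only accepted online, on a registered device, under the OAAM attempt and device policies the deck lists. The salted, iterated format removes the dependence on the attribute staying secret without changing the login flow.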
Password Login
Passcode Login
Quick Balance
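The three interaction slides (Password Login, Passcode Login, Quick Balance) and the Token Management list describe a user token issued at login and then presented for later calls. The following is an added example, not the bank's, Aurionpro's or Oracle Mobile Social's code, of how a JWT-style token can carry the authentication method and be scoped so that a passcode login only unlocks the quick-balance read, while a password login gets full scope; it also binds the token to the registered device. The claim names (`dev`, `amr`, `scope`), the HS256 shared key and the scope strings are assumptions for the example.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed example of a scoped, device-bound JWT (HS256). The claim set and
# scope names are assumptions, not the OAM JWT token format.
SECRET = b"constructed-demo-key"   # placeholder; a real deployment keeps the key in the access manager
TOKEN_TTL_SECONDS = 600


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _scope_for(auth_method: str) -> str:
    # Password login grants full scope; passcode (and quick balance) only the balance read.
    return "full" if auth_method == "password" else "balance:read"


def issue_token(user: str, device_id: str, auth_method: str, now: Optional[int] = None) -> str:
    """Issue a signed token after a successful login on a registered device."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {
        "sub": user,
        "dev": device_id,            # registered device the token is bound to
        "amr": auth_method,          # how the user authenticated (password / passcode)
        "scope": _scope_for(auth_method),
        "iat": now,
        "exp": now + TOKEN_TTL_SECONDS,
    }
    signing_input = (
        _b64url(json.dumps(header, separators=(",", ":")).encode())
        + "." + _b64url(json.dumps(payload, separators=(",", ":")).encode())
    )
    sig = hmac.new(SECRET, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def verify_token(token: str, expected_device: str, required_scope: str,
                 now: Optional[int] = None) -> Optional[dict]:
    """Return the claims if signature, algorithm, expiry, device binding and scope all check out."""
    parts = token.split(".")
    if len(parts) != 3:
        return None
    signing_input = parts[0] + "." + parts[1]
    expected_sig = hmac.new(SECRET, signing_input.encode("ascii"), hashlib.sha256).digest()
    try:
        if not hmac.compare_digest(expected_sig, _b64url_decode(parts[2])):
            return None
        header = json.loads(_b64url_decode(parts[0]))
        claims = json.loads(_b64url_decode(parts[1]))
    except (ValueError, UnicodeDecodeError):
        return None
    if header.get("alg") != "HS256":          # never let the token choose the algorithm
        return None
    now = int(time.time()) if now is None else now
    if claims.get("exp", 0) <= now:
        return None
    if claims.get("dev") != expected_device:   # presented from a different device
        return None
    granted = claims.get("scope")
    if granted != "full" and granted != required_scope:
        return None
    return claims


def quick_balance(token: str, device_id: str, ledger: dict, now: Optional[int] = None) -> Optional[str]:
    """Quick-balance endpoint: needs only balance:read, so a passcode token suffices."""
    claims = verify_token(token, device_id, "balance:read", now)
    return None if claims is None else ledger.get(claims["sub"])
```

Scope is decided from the authentication method at issue time and re-checked per call, so a token minted by the passcode path can never be replayed against an operation that requires the password path; the device claim gives the server a single place to cut off a lost or stolen device once OAAM flags it.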
Mobile Social Challenges
• Leveraging existing solutions
– Access Management
– Identity Management (user profile management, application provisioning and password support)
– Adaptive Access Management
• KBA, OTP (sms/email/push notification), Jail break detection, Device Black list and White list
• Enabling new features relevant to mobile devices (numeric passcode authentication)
• Addressing security risks specific to mobile devices (lost/stolen device)
• Single Sign On across multiple native applications and native applications to browser application
• Cloud Based Authentication (ability to login with Facebook/LinkedIn/Google/Yahoo/Twitter accounts)
Mobile Social Challenges
• Standards (OAuth 2.0) support
• API Transformation (XML to JSON conversion)
• API Control and Governance (traffic throttling, auditing transactions and SLA monitoring/enforcement)
• API Monitoring and API Analytics
• API Security
– Threat protection (threatening content scan and blocking), Certificate management, Data encryption and redaction
– Integration with Access Management backend for Authentication and Authorization
• Enabling services (API) over multiple channels (mobile smartphone, mobile tablet, desktop browser, mobile browser, kiosk)
• Auditing and Reporting from single data source and ability to correlate user session events (desktop browser, mobile native applications and mobile browser applications)
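The gateway slide above lists XML to JSON transformation, data redaction and traffic throttling as the API Gateway's jobs, and the earlier Current State slide says the app already relies on an XML to JSON API layer. The following is an added example, not the bank's implementation or Oracle API Gateway policy, that does those three things on a constructed account-summary response: converts the XML to JSON, masks account numbers before they leave the gateway, and applies a per-client sliding-window throttle. The XML shape, the `@attr`/`#text` JSON convention, the redacted element name and the rate limits are assumptions.

```python
import json
import time
import xml.etree.ElementTree as ET
from collections import defaultdict, deque
from typing import Any, Dict

# Constructed sample backend response; field names are made up for the example.
SAMPLE_XML = """<accountSummary>
  <customerId>C10042</customerId>
  <account>
    <number>1234567890123456</number>
    <type>CHECKING</type>
    <balance currency="USD">2540.17</balance>
  </account>
  <account>
    <number>9876543210</number>
    <type>SAVINGS</type>
    <balance currency="USD">15000.00</balance>
  </account>
</accountSummary>"""

REDACTED_ELEMENTS = {"number"}   # assumed: elements whose text is masked before it leaves the gateway


def mask_number(value: str) -> str:
    """Keep only the last four characters of an account identifier."""
    return "*" * (len(value) - 4) + value[-4:] if len(value) > 4 else "****"


def element_to_obj(el: ET.Element) -> Any:
    """Recursive XML -> JSON-able object: attributes as '@name', text as '#text', repeats as lists."""
    obj: Dict[str, Any] = {"@" + k: v for k, v in el.attrib.items()}
    for child in el:
        value = element_to_obj(child)
        if child.tag in obj:                       # repeated sibling -> list
            if not isinstance(obj[child.tag], list):
                obj[child.tag] = [obj[child.tag]]
            obj[child.tag].append(value)
        else:
            obj[child.tag] = value
    text = (el.text or "").strip()
    if el.tag in REDACTED_ELEMENTS:
        text = mask_number(text)
    if text and not obj:
        return text                                # leaf element collapses to its text
    if text:
        obj["#text"] = text
    return obj


def xml_to_obj(xml_text: str) -> Dict[str, Any]:
    # The stdlib parser is fine for a trusted backend; for untrusted XML use defusedxml
    # so entity-expansion payloads are rejected (the gateway's "threat protection" role).
    root = ET.fromstring(xml_text)
    return {root.tag: element_to_obj(root)}


def xml_to_json(xml_text: str) -> str:
    return json.dumps(xml_to_obj(xml_text), separators=(",", ":"))


class Throttle:
    """Sliding-window request limit per client id (the gateway's traffic-throttling policy)."""

    def __init__(self, limit: int, window_s: int) -> None:
        self.limit, self.window = limit, window_s
        self.hits: Dict[str, deque] = defaultdict(deque)

    def allow(self, client_id: str, now: float = None) -> bool:
        now = time.time() if now is None else now
        q = self.hits[client_id]
        while q and q[0] <= now - self.window:     # drop timestamps outside the window
            q.popleft()
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True


if __name__ == "__main__":
    print(xml_to_json(SAMPLE_XML))
```

Redaction is applied during the transformation rather than as a separate pass so that no code path can serialise an unmasked identifier; the throttle keys on the client identity the gateway already knows from the access-management integration, which is what makes per-app and per-device limits possible.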
Oracle IDM at First National Bank
• Recap
– External websites and mobile app authentication
– Single Sign-On to External Partners
– 11g R2 Upgrades
– Mobile Social Implementation for Passcode and Quick Balance
• Contact Us
– Dawn Johnson, Director, IDM, First National (402.602.5429)
• [email protected]
– Chris Trickel, Director, Middleware, First National (402.602.7108)
• [email protected]
– Rakesh Meena, Security Architect, Aurionpro (732.734.1478)
• [email protected]