Call: +44 (0)1904 557620 Call

Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

[Previous entry: "Alex's SQL Injection advisory is available in German"] [Next entry: "Google has added a great blog search tool"]

Oracle Locks Up 'Federated' App Server

I just came across the recent news story by Clint Boulton titled "Oracle Locks Up 'Federated' App Server" describes the fact that Oracle has just debuted their new security developer tools that allow a user to grant or deny access to information held on computers.

This is an interesting news item that tells us that

"The tools let corporations offer partners and customers access to their internal applications, while keeping them out of files and other information they don't want to share."

"The suite of tools, based on specifications written by the OASIS SAML (define) and the Liberty Alliance Project, has been designed to craft applications that run on Oracle Application Server 10g Release 2, launched earlier this year."

The tools are based on federated identity where policies define whether users can access data or not. The access to the data is granted via passwords or / and other credentials. These new tools are needed to weave security into the Service Oriented Architectures (SOA) Oracle and its rivals are pushing. The tools are part of the Oracle Fusion Middleware brand.