Oracle buys Identity Management Firm Oblix


News: Oracle buys Identity Management Firm Oblix

  1. Oracle buys Identity Management Firm Oblix (10 messages)

    Oracle on Monday announced the acquisition of Identity Management firm Oblix, whose products facilitated single sign-on across a variety of platforms, as well as management of security policies between Web services and applications. Oracle will integrate Oblix's identity management as a built-in component into Oracle's appserver offerings, similar in strategy to Oracle's acquisition of Toplink in 2004.

    Specifically, the acquisition brings to products of interest to the enterprise development community:

    COREid provides identity management functions including: Web single sign-on, user self-service and self-registration, user provisioning, reporting and auditing, dynamic groups, and delegated administration. COREid integrates with all leading directory servers, application servers, web servers, and enterprise applications.

    COREsv allows the building of security and operations policies that can be layered over new or existing applications and Web Services, Runtime facilities for intercepting calls to and from an application or service and then executing these policies and dashboards for monitoring these policies as they execute, to ensure service levels and potential problems.

    Oracle will continue to support other application servers with Oblix (this is necessary to COREid's value proposition anyway). TheServerSide spoke to Rick Shultz, VP at Oracle to get into more depth on what the acquisition means for Oracle's Java offerings.

    What will this acquisition mean for J2EE developers using Oracle's Java related products (appserver, JDeveloper, etc)?

    Oracle is the only vendor who offers customers Identity Management as a built-in component of its J2EE-based middleware platform for treating Identity as a core element of application development and deployment. Most other vendors in the Identity Management space have approached this market from a Systems Management perspective rather than an application-centric approach and many of them do not even provide J2EE-based middleware product families with which Identity could be integrated. As such, developers who are looking for a complete J2EE-based middleware platform that includes integrated Identity Management will find Oracle the logical choice.

    Additionally, most of the vendors in the J2EE application server space lack a complete Identity Management solution (if they have one at all). Given that Oblix was particular strong in managing Identities in heterogeneous environments [ie. supports a broad range of OSes, Directories, App Servers, Web Servers, Portal Servers, Databases and Applications] and Oracle intends to strengthen that commitment, we fully expect customers to choose to use Oracle Identity Management in conjunction with other J2EE application servers in the market (BEA, IBM, JBoss, SAP, Sun, etc.).

    Finally, the Web Services management product that Oracle gains from this acquisition provides critical capabilities to developers building J2EE applications and deploying to a Service-Oriented Architecture (SOA). With Oracle's Web Services Management product, customers can monitor, audit, trace, log and bill against Web Services. Oracle intends to offer Web Services Management as both an option to the Oracle Application Server 10g and also as a separate component for customers using a non-Oracle J2EE application server.

    What additional technical features will Java developers get with Oracle products that they get that they didn't have before?
    From a Web services perspective.....In Oracle Application Server developers have the basic foundation for building J2EE 1.4 Web services along with a foundation Web services management solution that supports for monitoring, auditing, logging, reliable SOAP messaging and secure messaging (WS-Security). Oblix CoreSV adds to this foundation by providing the ability to set these policies in a heterogenous environment and adds new capabilities including content based routing, transformation and protocol mediation (e.g. HTTP to JMS). In addition, CoreSV brings a monitoring solution for heterogeneous Web services (agent and proxy based) that enables administrators to set service level agreements and service level objectives on service endpoints that in turn alert administrators of policy violations on their service endpoints.
  2. Sun has both an access manager and provisioning product. IBM has tivoli access manager and tivoli identity manager. Both Sun and IBM have IDE's as well, so this appears to be more of an attempt to catch up with the other vendors when it comes to identity management.
  3. Yeah, the Sun offering looks really good too.
  4. I remember HP is also in this space, by way of acquiring Trulogica middle of last year.

    But, Trulogica's ID management was based on role and is well used by many financial firms.
  5. What is so good about Oblix that Axis2 may not offer?
  6. An respected organization that will tell them WHAT will be delivered and WHEN. Do you know when Axis2 is going to be production ready? Who will support it?
  7. What's better?[ Go to top ]

    An respected organization that will tell them WHAT will be delivered and WHEN. Do you know when Axis2 is going to be production ready? Who will support it?

    "Production ready" may mean different things to different people. We started using Axis when it was in beta and it practically did not have any issues; it's a great product. I'm sure Axis2 will be just as good. If you are looking for Axis support I'd suggest you ask this question on Axis developers' list, surely you'll have plenty of offers, especially if you are willing to pay for it.


    Igor Zavialov, Factoreal Corp.
    Factoreal Web Service API for Financial Data
  8. An respected organization that will tell them WHAT will be delivered and WHEN. Do you know when Axis2 is going to be production ready? Who will support it?

    My question only covered one side of what Oblix purportedly could do..namely web services security (WS-Security)
    The other feature of the Oblix product(id management and hence single sign-on to all apps in an organizaton via an umbrella application) was not I was talking about (I don't care about that now as I am not an organisation:)

    Oblix sounds "heavy" to me in terms of doing WS-Security.
    Axis2 can be "bolted-on" to any J2EE app server (not just the oc4j-from-oracle [aka orion server]) out there and so I see significant advantages - mainly ease of installation and FREE-in using Axis2 for WS-Security. Oblix is touted as doing id management + WS-Security and could be an installation nightmare with other app servers and hence "heavy" and costly if all I want to do is just WS-Security

    All that said, I have never heard of Oblix before...I have heard of Netegrity though, which does what Oblix seems to be doing. Technology changes so fast. What is touted today as the best thing since sliced bread sometimes sour with time (take Entity EJB [until 2.0] as an example)
    With technology only time reveals what is good and what is bad! Nothing else!
  9. Gartner's Quadrant[ Go to top ]

    Netegrity and Oblix's products are both in the Gartners top quadrant ..but this acquisition by Oracle, might actually strengthen Netegrity (which actually was bought over by CA, which had its own eTrust offerings).
    Technology wise and breadth of coverage wise, Netegrity's depth is by far superior to that of Oblix.
    Lets watch and see where oracle takes this product line.
  10. Gartner's Quadrant[ Go to top ]

    Loosely Coupled has some insightful comments about this aquisition too:
  11. ...this is an attempt at platform tie-in via a non-standard policy enforcement scheme. Unless I think the world revolves around Oracle AS and Oblix, I have to go with a SAML/XACML implementation and a more foundational view of my SOA infrastrcture components.