Digital Identity Management
Digital identity (DI) can be defined as the digital representation of the information known
about a specific individual or organization. Such information is a set of claims made by one subject
about itself or another subject. Digital identity enables transactions in the digital world and offers
improved functionality for its user. Through a set of electronic attributes such as biometric
templates, online browsing records and phone numbers, digital identity aims to allow
identification of an entity online or remotely through electronic means. For humans, this proof of
identity is a fundamental prerequisite to access critical services and participate in modern
economic, social and political systems. For devices, digital identity is critical in conducting
transactions, especially as devices will soon be able to transact relatively independently of
humans.
Oracle Digital Identity Management:
Oracle Identity Management enables organizations to effectively manage the end-to-end
lifecycle of user identities across all enterprise resources, both within and beyond the firewall
and into the cloud. The Oracle Identity Management platform delivers scalable solutions for
identity governance, access management and directory services. This modern platform helps
organizations strengthen security, simplify compliance and capture business opportunities
around mobile and social access. ("Oracle Identity Manager – Business Overview", 2013)
Oracle Access Management Suite Plus:
Suite functionality:
Authentication and Web SSO: It provides centralized access control, single sign-on, and session
management to a heterogeneous application environment.
Mobile and Social Sign-On: It enables single sign-on for native mobile applications and secures
access from mobile devices. It also lets applications consume identities provisioned by third-party
identity providers, including popular social networks.
Adaptive Access: Provides superior protection for businesses and their customers through strong
yet easy-to-deploy multifactor authentication and proactive, real-time fraud prevention.
External Authorization: It externalizes and centralizes fine-grained authorization for enterprise
applications and web services via comprehensive, reusable, and auditable authorization policies
and a simple, easy-to-use administration model.
Federated Single Sign-On: It enables cross-domain single sign-on with an identity federation server
that is completely self-contained and ready to run out of the box.
Web Services Security: A comprehensive solution for adding policy-driven security and
management capabilities to web services.
Secure Token Service: Brokers trust between applications and web services by issuing, validating
and managing standards-based security tokens. ("Buyer’s Guide for Access Management", 2012)
Benefits:
Highly scalable access control for heterogeneous packaged applications, J2EE and web
applications, web services, and SaaS. It improves security for mobile devices and the user
experience, and lowers the cost of regulatory compliance. It creates a dynamic, proactive security
posture, avoiding the common pitfalls of reactive, static security systems, simplifies application
security, and removes unmanageable policy enforcement silos.
Oracle Identity Governance Suite:
Key features:
Simplified Access Request with intuitive and extensible user experience drives user
productivity, increases user satisfaction and optimizes operational efficiency.
Centralized and extensible access catalog to store and further define business friendly
definitions for Roles, Applications & Entitlements.
Requests with approval workflows and policy-driven provisioning improve IT efficiency,
enhance security and enable compliance.
Role based access control with Role Mining & Advanced Role Lifecycle Management.
Risk-based, business user friendly Identity Certifications & closed loop remediation of
access rights.
Continuous IT Audit Monitoring and Reporting.
Benefits:
Increased security: Enforce internal security audit policies and eliminate potential security threats
from rogue, expired and unauthorized accounts and privileges.
Privileged Account Management: Allow users to gain access to sensitive applications in a timely
manner, while providing sufficient audit trails.
Enhanced regulatory compliance: Cost-effectively enforce and attest to regulatory requirements
associated with identifying who has access privileges to sensitive, high risk data.
Improved business responsiveness: Get users productive faster through immediate access to key
applications and systems, while enforcing security policies.
Reduced costs: Reduce IT costs through efficient, business-friendly self-service and a
platform-based architecture. ("Integrated Identity Governance", 2012)
Oracle Identity Cloud Service (IDCS):
Oracle Identity Cloud Service has been designed to meet the needs of organizations in several
typical use-case scenarios, such as the cloud, mobile access, employee-facing intranet and
customer-facing extranet solutions.
Key features:
Identity Administration: SCIM identity provider for simplified user management. Consistent
admin interfaces for user management, group management and bulk identity loading.
Self-service profile and password management.
Access Management and Single Sign-On: Auth token broker and SAML assertion broker; federated
SSO using SAML 2.0, OAuth 2.0 and OpenID Connect; single sign-on between Oracle Public Cloud,
external SaaS, on-premises and custom applications. Enables use of on-premises AD and OAM
for federated authentication. Authentication service via IDCS acting as SAML IdP and OpenID
Connect provider.
Application Management: Single administration and end-user view of connected applications.
Manage Oracle Public Cloud (SaaS/PaaS) applications natively, with no administrative overhead.
Bring your own application: build anywhere, deploy anywhere, manage from IDCS. Manage
on-premises applications by re-using your on-premises connectors. ("Oracle Identity Cloud Service- A
Business Overview", 2016)
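The Secure Token Service described under Oracle's Access Management Suite and the OAuth 2.0 / OpenID Connect tokens that IDCS brokers rest on the same mechanics: an issuer signs a set of claims scoped to one audience and bounded by an expiry, and the relying party verifies signature, issuer, audience and expiry before trusting any of them. The following is an added example (not Oracle's code, and independent of any Oracle product) that implements that issue/validate cycle for a compact JWT using only the Python standard library; the signing key, issuer URL, subjects and application names are constructed for the demonstration, and HS256 stands in for the asymmetric signatures a production token service would use.

```python
"""Issue and validate a compact JWT the way a security token service (STS) does.

Added example, not Oracle code. Signs with HS256 (HMAC-SHA256) so it runs on the
standard library alone; a real STS signs with an asymmetric key (RS256/ES256) so
relying parties can validate with the public key and never hold the signing secret.
"""
import base64
import hashlib
import hmac
import json
import time

# Constructed demo values, not real tenant or application identifiers.
SIGNING_KEY = b"demo-sts-signing-key-do-not-use-in-production"
ISSUER = "https://sts.example.test"


def b64url_encode(data: bytes) -> str:
    """Base64url without padding, as JWS requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(subject: str, audience: str, roles, ttl_seconds: int = 300, now=None) -> str:
    """Mint a signed token for `subject`, scoped to one relying party via `aud`."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"iss": ISSUER, "sub": subject, "aud": audience,
              "iat": now, "exp": now + ttl_seconds, "roles": sorted(roles)}
    signing_input = (b64url_encode(json.dumps(header, separators=(",", ":")).encode()) + "."
                     + b64url_encode(json.dumps(claims, separators=(",", ":")).encode()))
    sig = hmac.new(SIGNING_KEY, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)


def validate_token(token: str, expected_audience: str, now=None) -> dict:
    """Check signature first, then issuer, audience and expiry. Raises ValueError on any failure."""
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, claims_b64, sig_b64 = parts
    header = json.loads(b64url_decode(header_b64))
    # Pin the algorithm: the verifier decides how to verify, never the token ("alg":"none" attacks).
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected_sig = hmac.new(SIGNING_KEY, (header_b64 + "." + claims_b64).encode(),
                            hashlib.sha256).digest()
    if not hmac.compare_digest(expected_sig, b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(claims_b64))
    if claims.get("iss") != ISSUER:
        raise ValueError("untrusted issuer")
    if claims.get("aud") != expected_audience:
        raise ValueError("token not intended for this audience")
    if now >= int(claims.get("exp", 0)):
        raise ValueError("token expired")
    return claims


def token_status(token: str, expected_audience: str, now=None) -> str:
    """'ok' or the rejection reason; handy for relying-party logging and detection."""
    try:
        validate_token(token, expected_audience, now)
        return "ok"
    except ValueError as exc:
        return str(exc)


if __name__ == "__main__":
    tok = issue_token("alice", "hr-app", ["employee"])
    print(token_status(tok, "hr-app"))            # ok
    print(token_status(tok, "payroll-app"))       # token not intended for this audience
    # Replay the valid signature over escalated claims: the signature check catches it.
    h, _, s = tok.split(".")
    _, forged_claims, _ = issue_token("alice", "hr-app", ["admin"]).split(".")
    print(token_status(h + "." + forged_claims + "." + s, "hr-app"))  # bad signature
```

Validation reads no claim before the signature has been checked, pins the algorithm instead of trusting the token's own header, and rejects a genuine signature replayed over altered claims, which is how an escalation from `employee` to `admin` in the payload is caught. A token minted for one application is also refused by every other, so a compromised relying party cannot reuse the tokens it receives elsewhere.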
Benefits:
Some of the key benefits include improved business responsiveness, enhanced user productivity
and experience, hybrid multi-channel access, simplified IT and reduced cost.
Oracle Directory Services Plus:
Oracle Directory Services Plus provides identity virtualization, storage, and synchronization
services for high-performance enterprise and carrier-grade environments. Oracle positions it as an
integrated solution that provides a complete set of directory capabilities.
Key features and benefits:
Lower total cost of operation and innovative integration.
High-performance, highly scalable directory for enterprise and carrier-grade
environments.
Multilayer security from data in transit to storage and backups.
Unified view of identity from multiple data sources.
Data transformation and application-specific views.
LDAP interface to databases and Web services.
Meta directory to synchronize data with other directories and databases.
Unified administration and enterprise manageability.
Overall approach:
With the help of Oracle digital identity management tools, enterprises create greater
levels of business agility, ensure seamless business partner integration, and enable regulatory
compliance. Through an innovative, integrated architecture Oracle Access Manager uniquely
combines identity management and access control services to provide centralized
authentication, policy-based authorizations, and auditing with rich delegated identity
administration and workflows.
Microsoft Digital Identity Management:
Microsoft uses multiple security practices and technologies across its products and services to
manage identity and access. Microsoft's approach to decentralized identity is to augment the
existing cloud identity systems with one that individuals, organizations, and devices can own, so
that they control their digital identity and data. Such a self-owned identity must integrate
seamlessly into daily life, give complete control over what is shared and with whom, and, when
necessary, allow that access to be taken back. Instead of granting broad consent to countless apps
and services and spreading their identity data across numerous providers, individuals need a
secure, encrypted digital hub where they can store their identity data and easily control access
to it.
Azure AD:
Microsoft describes Azure AD as the world’s largest enterprise identity and access management
solution; it is the directory for Office 365, Azure, Intune and other Microsoft online services. It is
a comprehensive identity and access management service that combines directory services, identity
governance, application access management, and a standards-based platform for developers. Azure
AD is also designed to work with on-premises Active Directory and other directories, allowing
organizations to leverage existing on-premises infrastructure for the cloud. Azure AD is
cross-platform and based on well-defined standards that support interoperability and compliance,
and it supports many popular client and server/service platforms.
Benefits and capabilities of Azure Active Directory:
High availability: Azure AD is spread across multiple datacenters in different geographies and is
built from independent building blocks that provide scale and availability. Each partition of the
directory has an active primary replica, where all writes take place, and those writes are
immediately replicated to secondary replicas in another datacenter.
Simplified Access: Access to applications across cloud and on-premises can be simplified through
Azure AD.
Single Sign On: With a single identity we can access many SaaS applications and on-premises
applications.
Application Proxy: Through the Application Proxy, on-premises applications can be published for
secure remote access.
Access Panel: A productive choice for an employee home page. It lists all applications granted to
the logged-on user and also provides account management, password reset and group
management.
Self Service: The self-service features of Azure AD save considerable time and cost, and are highly
reliable and secure.
Self-Service Password Management: Users reset their passwords by responding to additional
security challenges, and can change their password and unlock their account themselves when the
need arises.
Secure Access: Azure AD provides multiple features to achieve the security for any identity.
Multi-Factor Authentication: Two-step verification can be added to Azure AD authentication,
adding a layer of security to user sign-ins. It is an easy-to-use, scalable and reliable solution.
Conditional Access: Provides more control over how, where and by whom data is accessed. Policies
can be created to impose additional access controls based on device type, network, application
and user role.
Privileged Identity Management: Privileged accounts are used to manage and administer IT
systems, and securing privileged access is critical to securing business assets. Azure AD PIM
minimizes the number of standing administrators by granting privileged roles only when they are
needed.
Collaboration: Azure AD enables collaboration with parties outside the organization, such as
partners, by giving them access to internal project sites.
Azure AD B2B and B2C: With B2B, corporations can add partners to their project groups and share
information with them; with B2C, tenants can be created in which customers log in using their
social or corporate email accounts.
Reporting: Azure AD provides rich security and activity reports. Security reports give an overview
of user accounts that may be compromised and of sign-in attempts by non-legitimate users.
(Madden, n.d.)
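The Conditional Access and Multi-Factor Authentication capabilities above come down to a policy engine: each policy has conditions (which users or roles, which applications, which networks) and grant controls (block, require MFA, require a compliant device); every policy whose conditions match a sign-in must be satisfied, and a block always wins over a grant. The following added example (my own code, not Microsoft's, and a deliberate simplification of Azure AD's policy model) evaluates a constructed set of three policies against sample sign-ins; the policy names, applications and users are made up.

```python
"""Evaluate conditional-access policies against a sign-in, the way Azure AD combines them.

Added example, not Microsoft code. The policy model (conditions on app, role and network;
grant controls block / mfa / compliant_device) is a simplification: every matching policy
must be satisfied, and any matching block policy wins over grants.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class SignIn:
    user: str
    roles: frozenset
    app: str
    trusted_network: bool     # request came from a named/trusted location
    compliant_device: bool    # device is registered and reported compliant by MDM
    mfa_done: bool            # the session already carries a strong-auth claim


@dataclass(frozen=True)
class Policy:
    name: str
    controls: frozenset                     # subset of {"block", "mfa", "compliant_device"}
    apps: frozenset = frozenset()           # empty = all cloud apps
    roles: frozenset = frozenset()          # empty = all users
    untrusted_network_only: bool = False    # condition: request is from outside trusted locations


def applies(policy: Policy, signin: SignIn) -> bool:
    """All conditions on a policy are ANDed; an empty condition means 'any'."""
    if policy.apps and signin.app not in policy.apps:
        return False
    if policy.roles and not (policy.roles & signin.roles):
        return False
    if policy.untrusted_network_only and signin.trusted_network:
        return False
    return True


def evaluate(policies, signin: SignIn):
    """Return ('block', [policy names]) / ('allow', []) / ('challenge', [unsatisfied controls])."""
    matched = [p for p in policies if applies(p, signin)]
    blockers = sorted(p.name for p in matched if "block" in p.controls)
    if blockers:                      # a block from any matching policy overrides every grant
        return "block", blockers
    required = set()
    for p in matched:                 # grant controls accumulate across matching policies
        required |= p.controls
    unmet = []
    if "mfa" in required and not signin.mfa_done:
        unmet.append("mfa")
    if "compliant_device" in required and not signin.compliant_device:
        unmet.append("compliant_device")
    return ("challenge", unmet) if unmet else ("allow", [])


# Constructed policy set for the example (names and apps are made up).
POLICIES = [
    Policy("mfa-outside-corporate-network", frozenset({"mfa"}), untrusted_network_only=True),
    Policy("admins-strong-auth-everywhere", frozenset({"mfa", "compliant_device"}),
           roles=frozenset({"Global Administrator"})),
    Policy("block-erp-from-untrusted-networks", frozenset({"block"}),
           apps=frozenset({"finance-erp"}), untrusted_network_only=True),
]


if __name__ == "__main__":
    for s in [
        SignIn("alice", frozenset({"employee"}), "intranet", True, False, False),
        SignIn("alice", frozenset({"employee"}), "intranet", False, False, False),
        SignIn("root", frozenset({"Global Administrator"}), "intranet", True, False, True),
        SignIn("bob", frozenset({"employee"}), "finance-erp", False, True, True),
    ]:
        print(s.user, s.app, evaluate(POLICIES, s))
```

The point to check when reviewing a real tenant's policies is the same one the code makes explicit: a user who already completed MFA can still be challenged for a compliant device if a second policy demands it, and a block policy is not negotiable by satisfying extra controls. The engine allows a sign-in that matches no policy at all, so a tenant without a baseline policy has no protection for unlisted applications.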
Overall Approach:
Microsoft Azure Active Directory is a cloud-based identity and access management
solution that can be used to help individuals sign in to both cloud and on-premises network
resources. Featuring many out-of-the-box application integrations, the software aims to unify
the process of logging in to frequently used business applications in order to save time and effort.
With single sign-on (SSO) capabilities, users do not need to memorize endless amounts of
passwords for the various business applications they use on a regular basis.
IBM Digital Identity Management:
IBM Security Access Manager is a complete authorization and network security policy
management solution. It provides end-to-end protection of resources over geographically
dispersed intranets and extranets. In addition to state-of-the-art security policy management,
IBM Security Access Manager provides authentication, authorization, data security, and
centralized resource management capabilities.
Key features:
Provides authentication and authorization, returning permit and deny decisions for requests to
protected resources in the secure domain through the authorization API.
Protects critical assets with risk-based and multi-factor authentication.
Secures consumer identities and delivers convenient access experiences at scale.
Facilitates a secure application programming interface (API) ecosystem by enabling user
authentication.
Unifies access control and security between on-premises and cloud environments.
Manages hybrid identity-as-a-service deployments via pre-integration with IBM Cloud Identity
Connect.
Enforces mobile access control policies that integrate with mobile device management,
application development and risk detection solutions.
Simplifies web and mobile user experiences with single sign-on (SSO).
Benefits:
A centralized integration platform for user access security, allowing organizations to avoid
having to modify application code when access or authentication requirements change
Better protection from advanced threats including the top 10 web application risks
documented by the Open Web Application Security Project (OWASP)
Enhanced user productivity with secure user access to web and mobile applications
through SSO, session management, multi-factor authentication and context-based access
policy enforcement
A low-friction, security-focused, consumer identity infrastructure to facilitate user
adoption of digital channels
Federated SSO, which helps enhance user productivity and facilitates trust through the
delivery of SSO across separately managed domains, including easily configurable
connections to popular software-as-a-service (SaaS) applications
IBM Security Identity Governance and Intelligence:
IBM Security Identity Governance and Intelligence is a network-appliance-based, integrated
identity governance solution that employs business-centric rules, activities, and processes.
Capabilities:
IBM Cloud Identity governance capabilities include:
Lifecycle management for on-premises and cloud applications.
Compliance controls, including business-user certification campaigns for access reviews.
A self-care user interface for end users and line-of-business managers.
The ability to schedule recertification campaigns to ensure continuous compliance. ("Deploy silent
security to protect identities and future-proof your IAM", 2017)
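Oracle's identity certifications with closed-loop remediation (Identity Governance Suite, above) and IBM's certification and recertification campaigns describe the same procedure: reconcile the accounts and entitlements found in target systems against the HR source of truth and a role policy, route each discrepancy to the right reviewer, apply the decisions, and re-run the review to confirm it comes back clean. The following added example (not Oracle or IBM code) works through that loop on a constructed HR feed, role policy and three target systems; all names, systems and entitlements are made up.

```python
"""Access certification with closed-loop remediation, as identity governance suites run it.

Added example, not Oracle or IBM code. Reconciles accounts pulled from target systems
against the HR source of truth and a role policy, produces certification items for the
right reviewer, and applies the decisions so a re-run of the review comes back clean.
"""
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample data: an HR feed, a role-to-entitlement policy, and accounts
# collected from target systems. Names, systems and entitlements are made up.
HR = {
    "alice": {"status": "active", "manager": "maria", "role": "accountant"},
    "bob":   {"status": "terminated", "manager": "maria", "role": "accountant"},
    "carol": {"status": "active", "manager": "dev_lead", "role": "developer"},
}
ROLE_POLICY = {
    "accountant": {"erp": {"ap_read", "ap_post"}, "ad": {"Domain Users"}},
    "developer":  {"ad": {"Domain Users"}, "gitlab": {"developer"}},
}
ACCOUNTS = [
    {"system": "erp", "account": "alice", "owner": "alice", "entitlements": {"ap_read", "ap_post"}},
    {"system": "erp", "account": "bob", "owner": "bob", "entitlements": {"ap_read"}},
    {"system": "ad", "account": "carol", "owner": "carol",
     "entitlements": {"Domain Users", "Domain Admins"}},
    {"system": "erp", "account": "svc_legacy", "owner": None, "entitlements": {"ap_post"}},
]


@dataclass(frozen=True)
class Finding:
    kind: str          # orphan | terminated_owner | out_of_policy
    system: str
    account: str
    reviewer: str      # who certifies; orphans go to the security team
    remediation: str   # "disable account" or "revoke <entitlement>"


def review(hr, role_policy, accounts):
    """One reconciliation pass: every enabled account must be explained by an active owner's role."""
    findings = []
    for acct in accounts:
        if acct.get("disabled"):
            continue
        person = hr.get(acct["owner"])
        if person is None:                       # rogue account: nobody in HR owns it
            findings.append(Finding("orphan", acct["system"], acct["account"],
                                    "security_team", "disable account"))
            continue
        if person["status"] != "active":         # expired account: owner has left
            findings.append(Finding("terminated_owner", acct["system"], acct["account"],
                                    person["manager"], "disable account"))
            continue
        allowed = role_policy.get(person["role"], {}).get(acct["system"], set())
        for ent in sorted(acct["entitlements"] - allowed):   # unauthorized privilege
            findings.append(Finding("out_of_policy", acct["system"], acct["account"],
                                    person["manager"], "revoke " + ent))
    return findings


def campaign(findings):
    """Group certification items by reviewer, as a certification campaign presents them."""
    by_reviewer = defaultdict(list)
    for f in findings:
        by_reviewer[f.reviewer].append(f)
    return dict(by_reviewer)


def remediate(findings, accounts):
    """Closed loop: apply the decisions and return the corrected accounts (input is not mutated)."""
    fixed = {(a["system"], a["account"]): dict(a, entitlements=set(a["entitlements"]))
             for a in accounts}
    for f in findings:
        acct = fixed[(f.system, f.account)]
        if f.remediation == "disable account":
            acct["disabled"] = True
        elif f.remediation.startswith("revoke "):
            acct["entitlements"].discard(f.remediation[len("revoke "):])
    return list(fixed.values())


if __name__ == "__main__":
    found = review(HR, ROLE_POLICY, ACCOUNTS)
    for reviewer, items in campaign(found).items():
        print(reviewer, [(f.kind, f.system, f.account, f.remediation) for f in items])
    print("after remediation:", review(HR, ROLE_POLICY, remediate(found, ACCOUNTS)))
```

The three finding kinds map onto the "rogue, expired and unauthorized accounts and privileges" that the Oracle governance material promises to eliminate, and the final re-run of `review` is what makes the loop closed: a campaign whose decisions are not pushed back to the target systems only documents the exposure.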
IBM cloud identity:
Benefits: IBM Cloud Identity helps businesses provide an employee launch pad (a single portal to
access all applications), pre-built connections to common cloud applications, access-request
workflows for application provisioning, application access delegation, advanced authentication
capabilities, lifecycle management, and user self-service and profile management.
Capabilities:
IBM Cloud Identity SSO capabilities include:
Thousands of prebuilt connectors to federate to popular SaaS applications
Prebuilt templates to help integrate legacy and on-premises applications
Employee-facing launchpads to access any application
A seamless user experience to access any application with one username and password
A cloud directory for organizations that don’t already have a user directory
The ability to sync on-premises directories like Microsoft AD for use with cloud
applications
Support for multiple federation standards, including SAML, OAuth and OpenID Connect (OIDC)
("Deploy silent security to protect identities and future-proof your IAM", 2017)
Overall approach:
By using IBM Security Identity Manager, organizations can simplify the process of granting
access rights and permissions to their employees and other personnel. Using the automated,
policy-based solution can help management better secure access to their enterprise systems. The
easy-to-use interface allows non-technical users to work with IBM Security Identity Manager
without an extensive technical background. Integration with other IBM Security products,
third-party products, and endpoint-managed systems gives IBM Security Identity Manager simple
and secure control over an organization's resources.
Conclusion:
As a chief security officer, I would consider the features, capabilities, benefits of each package of
each provider and I would take the following into consideration:
Identity/authentication: Prospects should determine whether a product supports numerous directory
types. It should also be able to support existing applications, servers and databases, along with
authentication methods such as SecurID, X.509 certificates and biometrics.
Administration: Users must be able to update their own profile data after logging in to the
system. They should likewise be able to reset their own passwords with minimal intervention
from administrators. Integration of existing user lists should also be supported, with
administrators able to manage the system from anywhere using a web interface.
Availability/Scalability: Identity management software should be highly scalable, able to cater to
large volumes of users while retaining performance. Multiple servers should be supported, along
with load balancing and clustering for failover.
Access management: A system’s access component must be integrated with its identity
component, allowing access policies to be updated automatically on any change in user identity.
It should be able to create multi-step access policies without coding. Role conflicts must also be
detected, and disallowing privileges in such cases should be easy.
Provisioning: The ideal identity management solution should be able to add, modify or delete
users from a single dashboard. It must also be able to write to multiple user identity stores based
on policies and roles. (Watkins, 2005)
By comparing all these features and capabilities of the identity management tools of IBM,
Oracle and Microsoft, I would choose Microsoft’s Azure AD package because it is a cloud-based
directory. It incorporates identity management capabilities including multi-factor authentication,
device registration, self-service password management, auditing, security monitoring and
alerting. It is cost-effective and easy to use; Azure AD helps businesses streamline processing and
improve productivity and security, while single sign-on (SSO) gives employees and business
partners access to thousands of cloud applications.
Oracle would be ranked second because of its very well-defined connector framework, which
enables connection to industry-leading applications either as trusted sources or as targets. It is
highly customizable and scalable to organizational needs, and is always a preferable choice when
an Oracle applications ecosystem is already in place, as it is easy to configure and maintain when
coupled with it.
IBM would be ranked third because IBM Security Identity and Access Manager is useful for
managing large-scale identity management and integrates well with other IBM products if your
company is using them, but the cost is high when installing and maintaining the whole identity
management stack, which includes IBM Security Identity Manager and Security Access Manager.
References:
Oracle Identity Manager – Business Overview. (2013). Retrieved from
https://www.oracle.com/technetwork/middleware/id-mgmt/overview/oim-11gr2-business-wp-1928893.pdf
Buyer’s Guide for Access Management. (2012). Retrieved from
http://www.oracle.com/us/solutions/oamsbuyersguidefinal-184031.pdf
Integrated Identity Governance. (2012). Retrieved from
https://www.oracle.com/technetwork/middleware/id-mgmt/overview/idgovernance-business-whitepaper-1708105.pdf
Oracle Identity Cloud Service- A Business Overview. (2016). Retrieved from
https://www.oracle.com/assets/idcs-business-whitepaper-3097391.pdf
Madden, J. (n.d.). Azure Active Directory, Identity and Access Management, and Windows 10. Retrieved from
https://info.microsoft.com/rs/157-GQE-382/images/EN-CNTNT-WhitepaperJMActiveDirectoryandIdentityWhitepaper.pdf
Deploy silent security to protect identities and future-proof your IAM. (2017). Retrieved from
https://www-01.ibm.com/common/ssi/cgi-bin/ssialias?amp%3B=&htmlfid=WGW03348USEN
Watkins, B. (2005). Choosing an identity management solution. Retrieved from
https://www.techrepublic.com/article/choosing-an-identity-management-solution/