<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
		>
<channel>
	<title>Comments on: Cloud Security = IDM+ERM, BUT: who will drive it is the real question!</title>
	<atom:link href="http://blogs.kuppingercole.com/paulus/2010/06/29/cloud-security-idmerm-but-who-will-drive-it-is-the-real-question/feed/" rel="self" type="application/rss+xml" />
	<link>http://blogs.kuppingercole.com/paulus/2010/06/29/cloud-security-idmerm-but-who-will-drive-it-is-the-real-question/</link>
	<description>KuppingerCole</description>
	<lastBuildDate>Mon, 30 Apr 2012 06:13:17 +0000</lastBuildDate>
	<sy:updatePeriod>hourly</sy:updatePeriod>
	<sy:updateFrequency>1</sy:updateFrequency>
	<generator>http://wordpress.org/?v=3.3.2</generator>
	<item>
		<title>By: An Introduction to Oracle Beehive - Topic Research, Trends and Surveys</title>
		<link>http://blogs.kuppingercole.com/paulus/2010/06/29/cloud-security-idmerm-but-who-will-drive-it-is-the-real-question/comment-page-1/#comment-24</link>
		<dc:creator>An Introduction to Oracle Beehive - Topic Research, Trends and Surveys</dc:creator>
		<pubDate>Sun, 18 Jul 2010 22:57:24 +0000</pubDate>
		<guid isPermaLink="false">http://blogs.kuppingercole.com/paulus/?p=18#comment-24</guid>
		<description>[...] need in a company context &#8211; just look at the average number of enterprise roles for a ... [...]</description>
		<content:encoded><![CDATA[<p>[...] need in a company context &#8211; just look at the average number of enterprise roles for a &#8230; [...]</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Mark Dixon</title>
		<link>http://blogs.kuppingercole.com/paulus/2010/06/29/cloud-security-idmerm-but-who-will-drive-it-is-the-real-question/comment-page-1/#comment-20</link>
		<dc:creator>Mark Dixon</dc:creator>
		<pubDate>Thu, 01 Jul 2010 23:46:09 +0000</pubDate>
		<guid isPermaLink="false">http://blogs.kuppingercole.com/paulus/?p=18#comment-20</guid>
		<description>Hello Sachar: 
 
Just to add a couple of thoughts to what my colleague Simon had to say ... 
 
If we take a holistic view of data security either in the enterprise or only within the context of the cloud, we need to protect data all the way from &quot;silicon to the desktop,&quot; as I like to say.  IAM has the role of administering, provisioning, enforcing and auditing user access rights while data is online, while provisioning and monitoring IRM to extend protection beyond the online system, with rights still being maintained in harmony with the online system.  Oracle provides those essential components (IAM and IRM), plus a full suite of Database Security products to protect data at rest and in transit, plus security at the operating system level (e.g. Trusted Solaris) to extend essential security protections right down to bare metal. 
 
I don&#039;t know who will drive the market, but we certainly intend to be part of the race.  It will be a fun ride! 
 
Thanks, 
 
Mark </description>
		<content:encoded><![CDATA[<p>Hello Sachar: </p>
<p>Just to add a couple of thoughts to what my colleague Simon had to say &#8230; </p>
<p>If we take a holistic view of data security either in the enterprise or only within the context of the cloud, we need to protect data all the way from &quot;silicon to the desktop,&quot; as I like to say.  IAM has the role of administering, provisioning, enforcing and auditing user access rights while data is online, while provisioning and monitoring IRM to extend protection beyond the online system, with rights still being maintained in harmony with the online system.  Oracle provides those essential components (IAM and IRM), plus a full suite of Database Security products to protect data at rest and in transit, plus security at the operating system level (e.g. Trusted Solaris) to extend essential security protections right down to bare metal. </p>
<p>I don&#039;t know who will drive the market, but we certainly intend to be part of the race.  It will be a fun ride! </p>
<p>Thanks, </p>
<p>Mark </p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Simon Thorpe</title>
		<link>http://blogs.kuppingercole.com/paulus/2010/06/29/cloud-security-idmerm-but-who-will-drive-it-is-the-real-question/comment-page-1/#comment-19</link>
		<dc:creator>Simon Thorpe</dc:creator>
		<pubDate>Thu, 01 Jul 2010 23:22:45 +0000</pubDate>
		<guid isPermaLink="false">http://blogs.kuppingercole.com/paulus/?p=18#comment-19</guid>
		<description>Interesting follow up post. I think there are some vendors taking the lead in this space. Firstly with respect to Oracle and the approach to ERM (we call it IRM), IDM and applications that generate content, we have many things in the pipeline. I can&#039;t say a great deal in a public article, but the Oracle IRM document security technology is going to underpin the security of content exported from applications such as EBusiness Suite, PeopleSoft, JD Edwards, Oracle BI, etc. In fact today with some consulting, this is already possible to quite a good degree. 
 
Oracle IRM from an IDM perspective is seen as a way to extend the access perimeters. It allows for the same authorization and authentication controls to an application to apply to content that is exported and distributed beyond both the application and classic enterprise network perimeters. 
 
What is key to IDM and IRM being integrated, is IDM typically hosts the policy and process around who gets access to what. This means that IRM simply becomes the document control and cryptography service, it simply asks another technology for what a user can do and then enforces the response. Currently in all IRM/ERM technologies, the classification model is IN the technology. With the latest 11g release of Oracle IRM this classification model can be driven from anything. A good example is Oracle Beehive 2.0 which has an out of the box Oracle IRM integration. This means that the classification, or more specifically, the rights model in Beehive dictates who can access what. So when you open a Beehive IRM protected document, the request goes to the IRM server, which in turn talks to Beehive to get an answer for if the user can open, print or edit the content. 
 
There is definitely opportunity here for the introduction of a standard for this exchange of authorization requests. Oracle IRM already uses standard protocols for the authentication of the end user to a piece of content and with the new architecture in Oracle IRM 11g, the future is ready for the standardization of the authorization of access to content.  
 
With regards to document format standardization, this is ideal, but more long term. Vendors already use standards for the cryptography involved in securing these documents, but each ERM/IRM vendor has different ways in which the format is put together. Oracle IRM is in good shape here because our document format is quite simple. It consists mostly of the encrypted source document, an XML header which defines the classification details and then the whole file is digitally signed. It isn&#039;t a complex format and could easily be written into a standard. 
 
Who can contribute what? Well, Oracle is already doing a lot of this work building solutions for customers who are driving the need to be more open, support more formats and platforms and have out of the box integrations with industry applications. Obviously all this work is internal to Oracle and maybe the future is working with groups like OASIS (&lt;a href=&quot;http://www.oasis-open.org&quot; target=&quot;_blank&quot;&gt;http://www.oasis-open.org&lt;/a&gt;) which I know Oracle already has a strong relationship with. 
 
How to integrate the structured and unstructured world is a fascinating question. I spoke with a CTO of New York City a few years ago and he mentioned the need for a centralized system that contained the policies that would apply to both structured and unstructured data. When Oracle acquired BEA we took on WebLogic and the Entitlements server, two very key pieces of technology in having a central location for dictating policy and entitlements across a wide platform of services and over the coming years we will see Oracle embed a lot of this technology into the application server layer so that it is easy to have a single, central technology maintaining policy and classification with all systems referring to it. 
 
So I think from an Oracle point of view, many of the items you bring up are things on the road maps of many technologies that will ultimately lead to the ability to secure access to information both in the cloud, on the desktop and on your mobile device and do this in a manner that is well integrated and open.  </description>
		<content:encoded><![CDATA[<p>Interesting follow up post. I think there are some vendors taking the lead in this space. Firstly with respect to Oracle and the approach to ERM (we call it IRM), IDM and applications that generate content, we have many things in the pipeline. I can&#039;t say a great deal in a public article, but the Oracle IRM document security technology is going to underpin the security of content exported from applications such as EBusiness Suite, PeopleSoft, JD Edwards, Oracle BI, etc. In fact today with some consulting, this is already possible to quite a good degree. </p>
<p>Oracle IRM from an IDM perspective is seen as a way to extend the access perimeters. It allows for the same authorization and authentication controls to an application to apply to content that is exported and distributed beyond both the application and classic enterprise network perimeters. </p>
<p>What is key to IDM and IRM being integrated, is IDM typically hosts the policy and process around who gets access to what. This means that IRM simply becomes the document control and cryptography service, it simply asks another technology for what a user can do and then enforces the response. Currently in all IRM/ERM technologies, the classification model is IN the technology. With the latest 11g release of Oracle IRM this classification model can be driven from anything. A good example is Oracle Beehive 2.0 which has an out of the box Oracle IRM integration. This means that the classification, or more specifically, the rights model in Beehive dictates who can access what. So when you open a Beehive IRM protected document, the request goes to the IRM server, which in turn talks to Beehive to get an answer for if the user can open, print or edit the content. </p>
<p>There is definitely opportunity here for the introduction of a standard for this exchange of authorization requests. Oracle IRM already uses standard protocols for the authentication of the end user to a piece of content and with the new architecture in Oracle IRM 11g, the future is ready for the standardization of the authorization of access to content.  </p>
<p>With regards to document format standardization, this is ideal, but more long term. Vendors already use standards for the cryptography involved in securing these documents, but each ERM/IRM vendor has different ways in which the format is put together. Oracle IRM is in good shape here because our document format is quite simple. It consists mostly of the encrypted source document, an XML header which defines the classification details and then the whole file is digitally signed. It isn&#039;t a complex format and could easily be written into a standard. </p>
<p>Who can contribute what? Well, Oracle is already doing a lot of this work building solutions for customers who are driving the need to be more open, support more formats and platforms and have out of the box integrations with industry applications. Obviously all this work is internal to Oracle and maybe the future is working with groups like OASIS (<a href="http://www.oasis-open.org" rel="nofollow">http://www.oasis-open.org</a>) which I know Oracle already has a strong relationship with. </p>
<p>How to integrate the structured and unstructured world is a fascinating question. I spoke with a CTO of New York City a few years ago and he mentioned the need for a centralized system that contained the policies that would apply to both structured and unstructured data. When Oracle acquired BEA we took on WebLogic and the Entitlements server, two very key pieces of technology in having a central location for dictating policy and entitlements across a wide platform of services and over the coming years we will see Oracle embed a lot of this technology into the application server layer so that it is easy to have a single, central technology maintaining policy and classification with all systems referring to it. </p>
<p>So I think from an Oracle point of view, many of the items you bring up are things on the road maps of many technologies that will ultimately lead to the ability to secure access to information both in the cloud, on the desktop and on your mobile device and do this in a manner that is well integrated and open.  </p>
]]></content:encoded>
	</item>
</channel>
</rss>

