  • Oracle Entitlements Server Policy Distribution Modes

    Posted by "" in "OES" on 2014-06-14


    Overview

    Oracle Entitlements Server uses different Policy Distribution Modes to distribute policies to the Policy Decision Points (PDPs) in Security Modules. Policy Management and Policy Distribution are two distinct operations in Oracle Entitlements Server. The Policy Administration Point (PAP) is responsible for the creation and management of application policies. These policies are stored in the Policy Information Point (PIP), which can be an LDAP directory or a database. After the PDP evaluates the policies, its grant or deny decision is sent to the Policy Enforcement Point (PEP), which enforces the result in the application.
    In this post, I will talk about Policy Distribution and the three supported Policy Distribution Modes. The Policy Administration component of Oracle Entitlements Server lets you define, delete and manage policies in the policy store. The Policy Distribution component makes these policies available to the PDP services of the configured Security Modules. The PDP services evaluate these policies and return a grant or deny result when a protected resource is accessed.

    Policy Distribution

    Policy distribution may include one or all of the following actions:

    • Reading policies from a policy store
    • Caching policies in a cache maintained by Security Module
    • Preserving policies in a file-based persistent cache which is independent of the policy store

    Policy Distribution Modes

    The distribution mode is configured in the jps-config.xml file of the Security Module. Oracle Entitlements Server is responsible for distributing the policies to the configured Security Modules. The policy data can be distributed in one of the following ways:

    1. Controlled-push: In this distribution mode, policy distribution is initiated by the Policy Distribution Component of Oracle Entitlements Server. It ensures that the PDP client receives the policy data that has been stored in the policy store. The Security Module cannot request the policy distribution. The “Distribute” button in the OES APM Console marks the policies as “Ready For Distribution”. In this mode, the policies are pushed to the PDP client as soon as they are marked as “Ready For Distribution”. It is supported only on database policy stores.
    2. Controlled-pull: The PDP client of the Security Module periodically pulls the policies from the policy store and stores them in a local cache. The default fetch interval is 10 minutes. The policies need to be marked as “Ready For Distribution” in the OES Console. Like Controlled-push, Controlled-pull is supported only on database policy stores.
    3. Non-Controlled: The PDP client of the Security Module periodically connects to the policy store to retrieve the policy data. This distribution is initiated by the Security Module. The policy store has to be online and available to the PDP service at all times. It is supported on both LDAP and database policy stores.

    The choice of the policy distribution mode depends on the following factors:

    • The type of policy store you are using – database or LDAP
    • How the application policies are actually distributed
    • Availability of the OES Administration Server
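
    The mode-versus-store constraints above can be checked mechanically before a Security Module is deployed. The following is an added example, not code from the original post or from Oracle: it reads the distribution mode from a Security Module's jps-config.xml and reports a mode that the stated policy store type does not support. The property name and the lowercase mode values are assumptions taken from Oracle's OES documentation rather than from this post, and the sample XML is constructed.

```python
import xml.etree.ElementTree as ET

# Assumed property name (from Oracle's OES documentation, not from the post);
# confirm it against the release you run.
MODE_PROP = "oracle.security.jps.runtime.pd.client.policyDistributionMode"

# Policy store kinds each mode supports, as stated in the post.
SUPPORTED = {
    "controlled-push": {"database"},
    "controlled-pull": {"database"},
    "non-controlled": {"database", "ldap"},
}

def read_properties(xml_text):
    """Collect every <property name=... value=...>, ignoring XML namespaces."""
    props = {}
    for el in ET.fromstring(xml_text).iter():
        if el.tag.rsplit("}", 1)[-1] == "property" and "name" in el.attrib:
            props[el.attrib["name"]] = el.attrib.get("value", "")
    return props

def check_mode(xml_text, store_kind):
    """Return (mode, findings) for a Security Module's jps-config.xml.

    store_kind is "database" or "ldap": the kind of policy store in use.
    """
    mode = read_properties(xml_text).get(MODE_PROP, "").strip().lower()
    findings = []
    if not mode:
        findings.append("policy distribution mode is not set")
    elif mode not in SUPPORTED:
        findings.append(f"unrecognised distribution mode: {mode}")
    elif store_kind not in SUPPORTED[mode]:
        findings.append(f"{mode} is not supported on policy store type {store_kind}")
    return mode, findings

# Constructed sample, trimmed to the one service instance that matters here.
SAMPLE = """<jpsConfig>
  <serviceInstances>
    <serviceInstance name="pdp.service" provider="pdp.service.provider">
      <property name="oracle.security.jps.runtime.pd.client.policyDistributionMode"
                value="controlled-pull"/>
    </serviceInstance>
  </serviceInstances>
</jpsConfig>"""

if __name__ == "__main__":
    print(check_mode(SAMPLE, "ldap"))
```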

    References

    1. Oracle® Fusion Middleware Developer’s Guide for Oracle Entitlements Server : http://docs.oracle.com/cd/E21764_01/security.1111/e14097/distpolicies.htm
    Ganesh Kamble works as Oracle Fusion Middleware Consultant and is an Oracle Certified Specialist in Access Management. Having started his career in product development at Oracle, Ganesh got excellent exposure to the middleware technologies during his work in integration of Tier-1 banking product Oracle Banking Platform with Oracle Fusion Middleware products. He was honored with Outstanding Contribution award by Oracle.
    His key areas of interest are Oracle Identity and Access Management, Oracle Service Oriented Architecture and Java with passion for blogging on various encounters with Oracle products. He publishes blogs regularly on http://k21technologies.com/blog/. He can be reached at ganesh.kamble@k21technologies.com and http://twitter.com/ganeshk_8