Prakash Ramamurthy, one of the founders of Oblix and since the merger in March, Oracle’s VP of ID management and security products, said the product is unlike the current crop of commercially available systems. Authorization software tends to control access to applications using information about users and roles. Oracle’s software will control access privileges by checking on the resources to be accessed, and the attributes of those resources.

Much use will be made by the product of the Extensible Access Control Markup Language. Like SAML (Security Assertions Markup Language), XACML is a specialized variant of an XML-based schema, which is designed specifically for creating policies and automating their use to control access to applications on a network. Using XACML means some fine-grain controls can be added to access requests, depending on attributes of the user requesting access, the protocol over which the request is made, or the authentication mechanism.

The new product is slated for delivery in the first half of 2006. As for current business, Ramamurthy said that [thanks to a broadened Oracle portfolio that now contains ID management software alongside PeopleSoft human resources systems], the company is uniquely poised in the identity and access management market, being able to manage the whole provisioning, access control, deprovisioning lifecycle.

ID management proposals need to integrate well against existing HR applications so that employees can be provisioned from within the HR system and their security privileges synchronized through single sign-on across multiple business applications.

Ramamurthy said there is some new-found market confidence in Oblix post-merger. We always thought we had a product that was technically superior to the competition, but the sort of customers we were talking with, a bank or a multinational say, sometimes had concerns about the size the company Oblix was, and sometimes had concerns about our lack of a global presence.

The Oblix products have been rebranded and tools like the COREid Access and Identity suite now line up alongside Oracle Application Server Single Sign-On and Oracle Delegated Administration Services. These components work together to provide centralized, fine-grained access management for heterogenous application environments, as well as out-of-the-box integration with Oracle products such as Oracle Portal, Oracle Collaboration Suite, and Oracle E-Business Suite.

The past acquisition of Oblix rivals Netegrity and BusinessLayers by Computer Associates, and Waveset by Sun, has not greatly impacted the ID market Ramamurthy said. IBM remains the most significant competitor, then there’s Microsoft which has some technology but which is Microsoft-centric, and also SAP, which doesn’t really have a true ID product, he said. Sun and CA are second-tier. Past Oblix partner, BMC Software does not warrant a mention.

The ID management market is being driven by initiatives to consolidate security administration across enterprise systems for reasons of cost and compliance. The market is moving into the mainstream, Ramamurthy said. Roll-out costs are declining and allowing more organizations to start out with a piecemeal approach to federated ID.