• Speaking
  • Downloads
  • About Talking Identity
  • About Me

Oracle acquires Bridgestream

  • Posted on:September 6, 2007
  • Posted in:Oracle Identity Management
  • Posted by:Nishant Kaushik
4

So the worst kept secret in IAM history is officially out. Oracle yesterday issued a long-awaited press release announcing the acquisition of Bridgestream in the Role Management space. Of course, if you have been anywhere near an internet-connected computer, you’d have seen everybody and their mother blog about this. And some of the buzz has been quite interesting, which I will touch on in a later post.

To many, an acquisition in the ERM (Enterprise Role Management) space was inevitable. ERM has gone from cutting-edge darling of the analyst crowd to a must-have IAM solution fairly rapidly. I have myself blogged about the importance of roles in any IAM architecture a number of times. By acquiring Bridgestream, Oracle is adding their SmartRoles and SmartRoles Discoverer products to our industry-leading IdM portfolio.

Relationship-based (aka Contextual) Roles
When it first came out, Bridgestream SmartRoles introduced the interesting notion of relationship-based roles to the market. Providing a solution for the top-down approach to role engineering, the product allows customers to model a myriad of entity relationships (between such diverse entities as people, organizations, processes, projects and business resources) in it, and then express roles as a traversal of the generated relationship graph. Of course, this is not to imply that it doesn’t handle the more mundane roles we are all accustomed to, which are simply containers of people and privileges. But their ability to model roles on real-world relationships that help solve real world use cases is really what sets them apart from the field. SmartRoles also supports a number of other interesting features, including temporal views of the relationship graph that provides a time sensitive answer to the role membership question.

SmartRoles

SmartRoles also supports the much needed separation between Enterprise Roles and Local Roles (or Business Roles and IT Roles, as Bridgestream calls it). This provides a necessary abstraction between the business side of the enterprise and the security focused application side of the enterprise.

These features allow them to support some really interesting RBAC scenarios that relied on complex cross functional project relationships, as well as role-based provisioning that took the location of both people and resources into account and complex approval scenarios. The BSI relationship with Oracle started with the relationship that was initially established between Thor’s Identity Manager product and SmartRoles, providing a powerful role-based provisioning solution to customers.

Role Discovery
Bridgestream has also made a move into the role mining area with the introduction of its SmartRoles Discoverer product. SmartRoles Discoverer
complements SmartRoles top-down approach by offering companies a bottom-up methodology to kick-start their role management implementation. It provides capabilities to mine data sets from diverse sources and discover useful and meaningful roles. But role mining and verification aren’t enough, so SmartRoles Discoverer also uncovers rules and policies to govern these roles. These candidate roles, along with the discovered rules and policies to govern them, can then be exported into SmartRoles for deployment.

SmartRoles Discoverer

Adding this capability to its suite allows Bridgestream to provide a complete end-to-end process-based solution for role lifecycle management to the market.

The Future
Over time, the capabilities of Bridgestream’s advanced role discovery and modeling capabilities will be combined with Oracle Identity Management’s access provisioning and enforcement tools. So while it will still be possible to buy a pure role management product, the real value will come from the SmartRoles product (which will no doubt be renamed following the standard Oracle formula at some point) providing a richer role environment for the OIM and OAM product lines to base their capabilities on, providing customers a comprehensive solution that covers all the bases.

You can get a lot of information about the acquisition and its value (including FAQs and white papers here).

Be Sociable, Share!

Tags: Oracle Identity ManagementRole Management
  • http://www.tuesdaynight.org/ Ian Glazer

    What about pushing SmartRoles beyond just identity management in to human capital management and tradition ERP/HR functions?

  • Beatrice Kalul

    I hate to be the one that spoils the party.
    My friend Nishant, you are adding allot of “colors” to Bridgestream capabilities, way beyond the reality.
    Bridgestream is great tool to manage your roles – if you have them.
    As a project manager working in large services company, I investigated some of their customers and watched them in several accounts in Europe, inclosing some major bank in the British island. We found their technology cannot scratch the complexity of role mining. Scalability is another issue.
    I suggest that Oracle will use them to for the role provisioning processes, the Oracle solution has big enough holes there and Bridgestream has nice capabilities there.
    BK

  • Nishant Kaushik

    Ian, you are on the right track. That is exactly where we plan on taking not just the ERM capabilities, but the IdM capabilities in general. A lot of this is part of our plans for fusion architecture, in which IdM becomes an intrinsic part of the ERP environment.
    This is actually the topic of a talk I will be giving at OpenWorld. More details then.

  • Paul Walker

    I’m going head to head against Oracle/Bridgestream with Sun and another leading Role Management company at a Proof Of Concept soon. It’s going to be very interesting to see who comes out on top since Oracle clearly changed their pitch after the acquisition of Bridgestream. Good luck Oracle , let’s hope you bought the “right” solution for the customers needs :)

Recent Posts

The Conundrum of 2FA meets the Enigma that is PAM
"It's a mystery. Broken into a jigsaw puzzle. Wrapped in a conun...
The Dilemma of the OAuth Token Collector
'Tis the season to be hacked, I guess. Twitter joined a bunch of...
Why 2013 will be 'The Year of the SCUID'
I'm just now coming back to earth from the high I've been on sin...
The IDaaS Powered World
Last week I was in Colorado for the Defrag and Blur conferences....
What Happens When Telco's Declare SMS 'Unsafe'?
If you've been following Authentication related discussions, you...

Recent Comments

Bob Pinheiro on
The Conundrum of 2FA meets the Enigma that is PAM
7 weeks ago

NishantKaushik on
The IDaaS Powered World
7 weeks ago

Nikolaj Ivancic on
The IDaaS Powered World
15 weeks ago

on
The Dilemma of the OAuth Token Collector
18 weeks ago

on
The Dilemma of the OAuth Token Collector
18 weeks ago

Tags

Application-Centric IdM Burton Catalyst Conference Cloud Computing Cloud Identity Model Facebook Federated Provisioning Identity Governance Identity Governance Framework Identity in Social Networking Identity Management Identity Services IGF OpenID Oracle Identity Management Oracle Identity Manager Oracle OpenWorld Oracle_IDM Password Management Personal Identity Management Privacy Provisioning Risk Management Role Management Service-Oriented Security User-Centric Identity

Connect

Twitter Follow @NishantK

LinkedIn Connect on LinkedIn

Slideshare View Nishant's Presentations

About Me nishantkaushik.com

Categories

  • Ask Dr. K (11)
  • Identity Services (36)
  • Identropy IDaaS (2)
  • Insight IdM (124)
  • Oracle Identity Management (61)
  • Personal Identity Management (32)
  • The Cloud Identity Series (17)
  • Tips & Techniques (4)
  • User-Centric Identity (24)

Archives

  • ► 2013 (3)
    • April (1)
    • February (1)
    • January (1)
  • ► 2012 (13)
    • November (2)
    • August (3)
    • July (2)
    • June (2)
    • May (1)
    • February (3)
  • ► 2011 (29)
    • December (1)
    • November (1)
    • October (1)
    • September (2)
    • August (3)
    • July (4)
    • June (5)
    • May (3)
    • April (4)
    • February (2)
    • January (3)
  • ► 2010 (33)
    • December (1)
    • October (1)
    • September (4)
    • August (5)
    • July (6)
    • June (4)
    • May (3)
    • April (2)
    • March (3)
    • February (2)
    • January (2)
  • ► 2009 (24)
    • December (1)
    • November (1)
    • October (3)
    • September (3)
    • August (4)
    • July (2)
    • June (2)
    • May (3)
    • April (1)
    • February (2)
    • January (2)
  • ► 2008 (44)
    • December (1)
    • October (4)
    • September (4)
    • August (8)
    • July (11)
    • June (4)
    • May (2)
    • April (2)
    • March (3)
    • February (3)
    • January (2)
  • ► 2007 (56)
    • December (3)
    • November (5)
    • October (6)
    • September (5)
    • August (8)
    • July (5)
    • June (9)
    • May (3)
    • April (2)
    • March (5)
    • February (5)
  • ► 2006 (33)
    • December (4)
    • November (2)
    • October (6)
    • September (1)
    • August (2)
    • July (3)
    • June (5)
    • May (3)
    • April (2)
    • March (5)

Disclaimer

Talking Identity is my exploration of the world of Identity Management. The views expressed on this blog are my own and do not necessarily reflect the views of Identropy (doesn't mean I'm not trying hard to mold them in my own image).

Copyright © 2005-2013 Nishant Kaushik. All Rights Reserved.