
Oracle OpenWorld S308250: Securing Your PeopleSoft Application via Identity Management (IDM)


S308250: Securing Your PeopleSoft Application

Greg Kelly, Product Strategy Manager, PeopleTools

Edwin Lorenzana, IDM Program Manager, City of Boston

The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.

Agenda

• City of Boston Experience

• New Security Features in PeopleTools 8.50

City of Boston: PeopleSoft / Identity Management Implementation

Definitions

• Identity Management (IDM): IDM is the process by which various components in an identity management system manage the account life cycle for network entities in an organization, and most commonly refers to the management of an organization’s application users

• Provisioning refers to a technology and process based solution for enforcing and managing the creation, read, update, and deletion of user accounts based on a defined security policy. Provisioning is also a means of propagating security policy, for example by setting access rights on management systems based on group memberships and/or role assignments

• Authentication: The process of verifying the identity claimed by an entity based on its credentials

• Authorization: Authorization is the process of determining if a user has the right to access a requested resource

• Authorization Policies: Declarations that define entitlements of a security principal and any constraints related to that entitlement

• Account Life Cycle : The steps that are taken to provision access for a user to a given system resource

• RBAC – Role based access control: Granting access to a system resource according to the roles assigned to a user, rather than to the individual user directly

• Authoritative Resource: System of reference for employment status and position description

• Target System Resource: System/application where the automated provisioning will occur

• LDAP: The Lightweight Directory Access Protocol is an application protocol for querying and modifying directory services running over TCP/IP

• Single Sign On: is a property of access control of multiple, related, but independent software systems. With this property a user logs in once and gains access to all systems without being prompted to log in again at each of them. Single sign-off is the reverse property whereby a single action of signing out terminates access to multiple software systems

What is IDM? Identity and Access as a Service

Stakeholders: End Users; Policy Managers; Apps & Services; DBAs

Services: Self-Service; Delegated Administration; Identity & Role Lifecycle Management; Identity Analytics; Authentication & Authorization; Monitoring; Fraud Prevention; Workflow; RBAC & SoD

Benefits

• Trusted and reliable security

• Efficient regulatory compliance

• Lower administrative and dev costs

• Enable online business networks

• Better end-user experience

Account Life Cycle – What are we capturing? Manual New-Hire Employee Provisioning Process

Step One: Employee is entered into PeopleSoft HR system
· Payroll · Benefits · Job Data

Step Two: Manager submits forms & phone calls for access
· Facilities/Security · Telecom · MIS

Step Three: Helpdesk receives forms & assigns to appropriate department
· LAN · App SQL · BAIS · Facilities
· Database · Storage Group · Active Directory Account

Step Four: System admin per resource creates accounts & access
· AD Account · Application access · Telecom · Facilities · Desktop set up · Security badge

Step Five: System Administrators & Physical access support teams notify the employee’s manager of the completed items. Manager approves & notifies new hire

Account Life Cycle – What about removal of access? Manual Employee De-Provisioning Process

Trigger: employee leaves the City of Boston

Step One: HR is notified of the employee termination
· Payroll · Benefits · Job Data

Step Two: Manager submits forms & phone calls for access termination
· Facilities/Security · Telecom · MIS

Step Three: Helpdesk receives forms & assigns to appropriate department
· LAN · App SQL · BAIS · Facilities
· Database · Storage Group · Active Directory Account

Step Four: System admin per resource removes accounts & access
· AD Account · Application access · Telecom · Facilities · Desktop set up · Security badge

Step Five: System Administrators & Physical access support teams notify the employee’s manager of the completed items. Manager is notified

Phase 1: PeopleSoft Integration

In an IDM Integration PeopleSoft plays two roles

• Authoritative Resource

• Target System/Resource

Business Requirement

In fiscal year 2007-2008 the City of Boston (COB) contracted Oracle Identity Management consultants, KPMG auditors and independent security consultants to assess COB’s various MIS environments. One of the focused areas was the current lifecycle of user identities across the enterprise and the existence of data security controls on COB’s user stores and applications. The findings developed two sets of goals:

• The first set of goals is driven by business demands to provide a single sign-on solution that will streamline the account lifecycle by providing an automated provisioning solution, along with improvements to the current authentication and authorization methods

• A secondary set of goals has been set by the regulatory and audit findings from the 2007 KPMG audit of COB’s Financial and MIS systems. These audit findings require COB to establish a security and risk management strategy that provides controls that will satisfy regulatory compliance requirements. The solution needs to safeguard the privacy data of City of Boston residents and employees found in the various user account repositories and applications managed by the COB MIS teams

PeopleSoft/IDM Integration Goals

Address the City of Boston’s tactical need to provision PeopleSoft HCM user accounts to support its rollout of PeopleSoft Portal and Employee Self-Service by implementing the following solutions:

• An Authoritative Resource for user data

• Centrally managed LDAP directory

• Automated provisioning of PeopleSoft user accounts

• Access control to PeopleSoft Portal/Self-Service

PeopleSoft Integration Challenges

Define an Authoritative Resource for user data

• Discover which user directory/user store contains all user data

• The directory must provide data that is related to the user’s employment status and describes the user’s position

• Define the account life cycle for employees and non-employees

• Data required for an IDM integration is usually not collected by an organization in a centralized location

• The directory/user store must be able to communicate with the IDM suite

PeopleSoft Integration Challenges

Centrally Managed LDAP Directory

• An enterprise user directory containing all users does not exist

• The current Active Directory LDAP environment is highly decentralized and accounts are managed independently across departments within City of Boston. Active Directory domain trusts are not implemented.

• Decentralization, while sensible within the distributed, autonomous culture of the City’s departments, inevitably leads to inconsistent levels of security across the Active Directory domains.

• The absence of a centrally managed LDAP directory needs to be addressed before a single sign-on solution can be implemented.

PeopleSoft Integration Challenges

Automated provisioning of PeopleSoft user accounts

• The primary obstacle to the initial rollout is the fact that thousands of new user accounts must be provisioned in a secure and efficient manner

• Ensure that access to employee data is limited to the given employee

• Provide non-employee access to the portal

• Ensure that accounts are disabled at termination of employment

• Provide a roadmap to meeting audit & compliance goals

PeopleSoft Integration Challenges

Access control to PeopleSoft Portal/Self-Service

• Integrate with existing PeopleSoft authentication

• Provide Web Single Sign On

• Centralize Password Self Service

• Delegate Administration by non IT/MIS staff

• Integrate with the Enterprise Directory

• Provide enforcement of the password policy

Proposed Architecture: IDM/PeopleSoft Integration – Server Topology Diagram (diagram not reproduced)

PeopleSoft Integration Solutions

Define an Authoritative Resource for user data: PeopleSoft HR

• The PeopleSoft HR database will serve as the authoritative source for all identity data within the City of Boston as it contains all employee data

• Programmatic authentication/access decisions will be made by the IDM system based on user status & job data received from PeopleSoft

• PeopleSoft will be responsible for triggering the updates of an account status within the IDM provisioning system

• PeopleSoft can be configured to maintain the account lifecycle for employees and non-employees

• PeopleSoft can be configured to collect user & job data required by an IDM implementation

• PeopleSoft is compatible with the messaging and LDAP requirements of the IDM suite

PeopleSoft Integration Solutions

Centrally managed LDAP directory: Oracle Internet Directory (OID)

• OID is the enterprise directory for all user accounts

• OID provides a secure industry standard protocol (LDAP) for authentication

• A centralized enterprise directory simplifies the integration of applications

• The enterprise directory provides applications the ability to authenticate all users that currently exist across the various Active Directory environments

• Provides integration with Oracle Identity Manager (OIM) for automated account provisioning of employees and non-employees

• Integration with Oracle Access Manager will lead to single sign on

PeopleSoft Integration Solutions

Automated provisioning of PeopleSoft user accounts: Oracle Identity Manager (OIM)

• OIM provides automated account provisioning of users/employees

• OIM receives real time user status messages from PeopleSoft

• The access logic is based on user job data from PeopleSoft

• Automated provisioning targets the HCM, Portal & OID system

• Non-employees are created manually & given role based access in OIM

• Integration with OIM provides the ability to enforce IDM policies & controls

• Integration with OIM lays the foundation for audit and compliance

• OIM can be configured to maintain the account lifecycle for employees and non-employees based on PeopleSoft data

PeopleSoft Integration Solutions

Access control to PeopleSoft Portal/Self-Service

Oracle Access Manager (OAM)

• Application single sign-on allows users who have been authenticated by OAM to access applications without being re-authenticated.

• OAM integrates with PeopleSoft’s single sign-on technology by asserting the authenticated identity in secured HTTP headers and/or cookies that PeopleSoft’s signon processing trusts

• OAM when integrated with OID also provides an option for LDAP authentication for PeopleSoft applications

• Self service password reset can be provided by OAM or OIM

• OAM allows for delegated administration
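The header-based integration above has one check that every deployment needs and the slide leaves implicit: the application tier must accept the identity header only from the WebGate-fronted proxy, otherwise anyone who can reach the PeopleSoft web server directly can forge it. The following is an added illustration (not Oracle’s or the City of Boston’s code) of that decision, followed by PeopleSoft’s own user-state check. The header name OAM_REMOTE_USER is assumed to be the one the delivered OAM signon PeopleCode reads; the proxy address range and the user table are constructed sample data.

```python
"""Trust an OAM-asserted identity header only when the request arrived via
the WebGate proxy tier, then apply the application's own user checks.

Added illustration, not PeopleTools code. OAM_REMOTE_USER is an assumed
header name; TRUSTED_PROXIES and USERS are constructed sample data.
"""
from ipaddress import ip_address, ip_network
from typing import Mapping, Optional, Tuple

SSO_HEADER = "OAM_REMOTE_USER"                    # assumed header name
TRUSTED_PROXIES = [ip_network("10.20.30.0/28")]   # constructed WebGate addresses

# Constructed stand-in for the PeopleSoft user table (locked-out flag only).
USERS = {
    "JSMITH": {"locked": False},
    "BJONES": {"locked": True},    # account locked in PeopleSoft; SSO must not bypass it
}


def from_trusted_proxy(peer_ip: str) -> bool:
    """Only the WebGate tier may assert identities; any other peer is ignored."""
    addr = ip_address(peer_ip)
    return any(addr in net for net in TRUSTED_PROXIES)


def asserted_user(headers: Mapping[str, str], peer_ip: str) -> Optional[str]:
    """Return the asserted user ID, or None when the header must not be trusted."""
    if not from_trusted_proxy(peer_ip):
        return None                 # request bypassed the WebGate: header is attacker-controlled
    value = next((v for k, v in headers.items() if k.upper() == SSO_HEADER), None)
    if not value or not value.strip():
        return None
    return value.strip().upper()    # normalised to the constructed table's case (assumption)


def authenticate(headers: Mapping[str, str], peer_ip: str) -> Tuple[str, Optional[str]]:
    """Emulate the signon decision: ("OK", user_id) or ("FAIL", None)."""
    uid = asserted_user(headers, peer_ip)
    if uid is None:
        return ("FAIL", None)
    rec = USERS.get(uid)
    if rec is None or rec["locked"]:
        return ("FAIL", None)       # SSO only replaces the password check, not user state
    return ("OK", uid)


if __name__ == "__main__":
    print(authenticate({"OAM_REMOTE_USER": "jsmith"}, "10.20.30.5"))   # via WebGate: OK
    print(authenticate({"OAM_REMOTE_USER": "jsmith"}, "192.0.2.44"))   # direct hit: FAIL
```

The peer-address check is defence in depth; the primary control is a network ACL (or the reverse proxy noted under Implementation Issues) so that the PeopleSoft web tier is not reachable except through the WebGate, and the proxy itself must strip any client-supplied copy of the header before adding its own.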

Implementation Issues

• Governance
– IT Security Policies
– Data Standards
– Account Standards

• Business Process
– Account Lifecycle
– Data Standards

• Technology
– Architecture (deployment of firewalls & web-gates)
– Introduction of Reverse Proxy
– Database Encryption for account data
– Role Based Access (AD groups vs OVD groups)
– Software Development Lifecycle

• Support
– Internal IDM Support
– Knowledge Transfer from implementation
– Help Desk Support
– Branding
– Training

Lessons Learned

• Governance
– IT Security Policies
– Assign a Data Steward

• Business Process
– Account Lifecycle
– Development Lifecycle
· Use cases
· Test Scripts

• Technology
– Architecture (deployment of firewalls & web-gates)
– Group assignment (roles) (AD groups vs OVD groups)
– Architecture Security (firewall/web gates)
– Data & Password encryption (OIM/OID)

• Support
– Oracle Support / Integration Partner
– Architecture direction: stay on the Oracle roadmap
– Proper internal support
· Java developer
· LDAP admin
· Integration support (web)
· Integration support (servers)

Next Steps – Continuous Improvement

Infrastructure Expansion: Enhanced authentication and single sign-on for applications authenticated via the Enterprise Directory

• Oracle Virtual Directory
– Provides real time change of access as employees change positions

• Active Directory Integration
– Automated Account Provisioning for Windows logins
– Active Directory Password Sync

• Audit & Compliance
– Attestation/Recertification for non-employee accounts
– Attestation/Recertification for service accounts

Next Steps – Enterprise Directory

Proposed Enterprise Application Authentication Model via Oracle Virtual Directory, using AD/IDM Directory Architecture (architecture diagram; components and flows listed below)

· OVD – Oracle Virtual Directory Server

· OID – Oracle Internet Directory

· Microsoft Active Directory domains: Assessing, BPS, Police, ISD, DND, Boston-nt-net, BPL, Fire

· Enterprise Applications

· OAM – Oracle Access Manager

· Flows shown: Emp Data Messaging; Employee Access Verification

Authentication Model Introduction

In this model, we assume that all Active Directory (AD) and Oracle Internet Directory (OID) user stores on the directory level contain a common unique identifier (employee ID) for each user account.

In this model we have an OID “enterprise directory” that synchronizes with the main source of enterprise employee information for all users (PeopleSoft).

For each user in the OID enterprise directory, there is a corresponding account in Microsoft Active Directory for user-authentication & group permission purposes via the OVD layer.

Diagram legend: PeopleSoft Environment; OIM Environment; Authentication via the Hub; Authentication outside the Hub
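The PeopleSoft Integration Solutions slides (PeopleSoft HR as the authoritative source that triggers account status updates, OIM deriving access from job data) and the authentication model above (employee ID as the common key across AD and OID) describe one reconciliation: join every directory account to HR by employee ID and derive provision, disable, regroup or review actions. The following is an added illustration of that logic, not City of Boston, Oracle or OIM code. The HR status codes, the COB-DEPT-<id> group naming and all records are constructed sample data standing in for whatever the real feeds carry.

```python
"""Reconcile directory accounts against PeopleSoft HR as the authoritative
source, joining on Employee ID.

Added illustration, not City of Boston or Oracle code. Status codes, the
COB-DEPT-<id> group naming, and every record below are constructed.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

ACTIVE = "A"   # assumed PeopleSoft HR status meaning "currently employed"


@dataclass(frozen=True)
class HrRecord:
    emp_id: str
    status: str        # assumed codes: "A" active, "T" terminated
    dept_id: str


@dataclass
class DirAccount:
    domain: str
    sam: str
    emp_id: Optional[str]      # None: the account carries no Employee ID attribute
    enabled: bool
    groups: Set[str] = field(default_factory=set)

    @property
    def name(self) -> str:
        return f"{self.domain}\\{self.sam}"


@dataclass(frozen=True)
class Action:
    kind: str          # PROVISION | DISABLE | REGROUP | REVIEW
    subject: str
    reason: str


def dept_group(dept_id: str) -> str:
    """Assumed naming of the per-department group used for role assignment."""
    return f"COB-DEPT-{dept_id}"


def reconcile(hr: List[HrRecord], accounts: List[DirAccount]) -> List[Action]:
    """Derive lifecycle actions from HR (authoritative) versus directory state."""
    by_emp: Dict[str, HrRecord] = {r.emp_id: r for r in hr}
    matched: Set[str] = set()
    actions: List[Action] = []

    for acct in accounts:
        if acct.emp_id is None:
            # Cannot be tied to a person: nothing automated should touch it.
            actions.append(Action("REVIEW", acct.name,
                                  "no Employee ID; route to account matching & recertification"))
            continue
        matched.add(acct.emp_id)
        rec = by_emp.get(acct.emp_id)
        if rec is None:
            if acct.enabled:
                actions.append(Action("DISABLE", acct.name,
                                      f"Employee ID {acct.emp_id} unknown to HR"))
            continue
        if rec.status != ACTIVE:
            if acct.enabled:
                actions.append(Action("DISABLE", acct.name, f"HR status is {rec.status!r}"))
            continue
        # Active employee: the department group must follow current job data (transfers).
        wanted = dept_group(rec.dept_id)
        stale = sorted(g for g in acct.groups if g.startswith("COB-DEPT-") and g != wanted)
        if wanted not in acct.groups or stale:
            actions.append(Action("REGROUP", acct.name, f"add {wanted}; remove {stale}"))

    for emp_id, rec in by_emp.items():
        if rec.status == ACTIVE and emp_id not in matched:
            actions.append(Action("PROVISION", emp_id,
                                  f"active in HR (dept {rec.dept_id}), no directory account"))
    return actions


def summarize(actions: List[Action]) -> Dict[str, List[str]]:
    """Subjects grouped by action kind, sorted, for reporting."""
    out: Dict[str, List[str]] = {}
    for a in actions:
        out.setdefault(a.kind, []).append(a.subject)
    return {k: sorted(v) for k, v in out.items()}


# Constructed HR feed and directory snapshot.
SAMPLE_HR = [
    HrRecord("100001", "A", "40"),   # active
    HrRecord("100002", "T", "40"),   # terminated but account still enabled
    HrRecord("100003", "A", "55"),   # new hire, no account yet
    HrRecord("100005", "A", "55"),   # transferred from dept 40 to 55
]
SAMPLE_ACCOUNTS = [
    DirAccount("FIRE", "jsmith", "100001", True, {"COB-DEPT-40"}),
    DirAccount("FIRE", "bjones", "100002", True, {"COB-DEPT-40"}),
    DirAccount("BPL", "rdoe", None, True, set()),
    DirAccount("ISD", "ghost", "999999", True, set()),
    DirAccount("FIRE", "mlee", "100005", True, {"COB-DEPT-40"}),
]

if __name__ == "__main__":
    for a in reconcile(SAMPLE_HR, SAMPLE_ACCOUNTS):
        print(f"{a.kind:9} {a.subject:14} {a.reason}")
```

Two design points carry over to a real OIM or scripted implementation: an account without an employee ID is never auto-disabled, because the attribute may simply not have been loaded yet, and disabling rather than deleting keeps the audit trail that the KPMG findings ask for. Non-employees, which the slides say are created manually, would be a separate feed with its own sponsor and expiry date rather than a pass through this HR join.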

Next Steps – Enterprise Directory Service Model

The roadmap slide lays out the following tracks, labelled Phase 1 through Phase 5 (the column order is not recoverable from the extracted text).

Account Lifecycle, Business Process, Governance

· HR Account Life Cycle – Completed (capture of procedures)
  · Hire, Transfer & Termination Procedures
  · BAIS HCM Process (PeopleSoft)
  · IDM Process

· AD Account Life Cycle
  · AD Provisioning Procedures
  · BAIS HCM Process (PeopleSoft)
  · IDM Process

· Application Account Life Cycle
  · Application Provisioning Procedure
  · BAIS HCM Process (PeopleSoft)
  · IDM Process

· Governance – Drive Enterprise Direction & Standards
  · Governance standards
  · Governance Board Charter
  · Selecting Members/Owners
  · Business Policy / IT Policy
  · Current Policy
  · Policy creation & approval

· Data Standards & Procedures
  · HR Data Standards
  · BAIS HCM Process (PeopleSoft)
  · IDM Process

· Directory Standards & Procedures
  · Business Requirements
  · Data Requirements
  · Directory Requirements
  · Functional, Security & Provisioning Procedures

· Application Standards & Procedures
  · Business Requirements
  · Data Requirements
  · Functional, Security & Provisioning Procedures

Standardizing Employee ID as the Unique Identifier in the Enterprise – ID Aggregation (UID) & Sync

· Account Matching & Data Recertification
  · Acct Matching & Recertification Tool
  · HR Reps Data Recertification
  · AD Admin Data Recertification
  · Emp ID Data Load Process

· Active Directory – Emp-ID Implementation
  · Emp ID as Username
  · Emp ID E-mail Alias

· Application – Emp-ID Implementation
  · Emp ID as Username
  · Emp ID E-mail Alias

Application Integration – Enterprise Directory access for Applications

· Authentication & Single Sign On
  · Integration & authentication with Oracle Internet Directory (OID) to provide access to the enterprise user store via LDAP
  · Authentication via Oracle Access Manager (OAM) to provide single sign on
  · Integration with OAM to enforce password policy

· User Management & Provisioning
  · Implement user management tools
  · Automate Provisioning/De-Provisioning procedures
  · Provide auditing & reporting of the life cycle of the user’s various application accounts

Infrastructure Expansion – Implement Virtual Directory

· Implement Virtual Directory
  · Business Requirements
  · Employee ID Data Standards
  · Role Based Standards (e.g. OU/Containers)
  · Authentication Standards
  · Define Functional, Security & Provisioning Procedures

Infrastructure Expansion – Active Directory Integration

· Implement AD Password Sync Tools
  · Data Standards

· Implement AD User Management Tool (Provisioning)
  · Business Requirements
  · Data Requirements
  · Enterprise Directory Requirements
  · Functional, Security & Provisioning Procedures

Enterprise Directory Support Model

· Data & Business Processes: Governance Board; HR Departments; Business Analyst – MIS

· Functionality Development & Support: PeopleSoft – BAIS; IDM – App-SQL; Active Directory – AD group

· Administration: IDM App-SQL; Active Directory Group; Application Owner; Help Desks

· Audit & Reporting: Enterprise Security Team; IDM-App SQL

Enterprise Directory Services – Goals

· Enterprise Security Model
  · Establish a governance board to define security priorities in the area of privacy and compliance requirements
  · Establish the PeopleSoft HR user store as the authoritative source for the status of all City of Boston employees
  · Role based assignment based on HR department & job data
  · Automated user account lifecycle events based on triggers from HR data
  · Improved tracking of non-employees using PeopleSoft functionality

· Enterprise Directory Services
  · Provide authentication for the City wide user store
  · Group employees by their current HR department ID to support future role based assignment
  · Provide authentication services for applications in the various AD Domain environments
  · Improve legal and regulatory compliance by enforcing standard policies at all points of entry (e.g. password policy)
  · Implement password synchronization in AD directories and application user stores

· Enterprise Access Control & User Management
  · Document the business requirements for user access & management as defined by the business owners
  · Implement functionality that supports centralized management of user identities & role based assignment of resources while maintaining delegated administration capabilities for business lines
  · Improve user experience by enabling single sign-on & password self service
  · On demand compliance monitoring via IDM services
  · Enterprise wide workflow and policies to accommodate job changes
  · Automate non-employee & privileged account recertification process
  · Reduce operating costs related to user administration

PeopleTools Security

PeopleTools 8.50 Security

New Security Picture (slide image not reproduced)

Market Drivers / Business Needs – Security Administration

• Market Drivers: Industry Requirements; Government Mandates

• Business Need: Customer Adoption of Standards; Reduce Audit Impact

• Value Proposition: With every release of PeopleTools, we strengthen existing, or add new, security features.

New and Changed Features – Security Administration

We are taking steps to increase the infrastructure security for those customers who have invested in Oracle and are able to take advantage of Oracle Technology security features. Auditors are requiring, and customers are requesting, the capability of protecting data at rest in the database, establishing segregation of duties in database administration, and more granular auditing of PeopleSoft across the enterprise.

• Support for Transparent Data Encryption (TDE) and Oracle Database Vault (DBV)

• Support for Oracle Audit Vault

New and Changed Features – Security Administration

We are also extending the available resources for the Identity Lifecycle by facilitating the adoption of resources and disciplines to protect user access and file transfer, and to reduce the cost of deployment.

• Preconfigured integration with Oracle Access Manager

• Support for FTPS (FTP security)

• Support for Microsoft ADAM (AD LDS)

• Use of JNDI libraries for LDAP support

New and Changed Features – Security Administration

We continue to deliver increased protection for system-to-system or services-based communication by extending the web service security options available. This protection is also based on open standards.

• SAML for web services security (note: NOT federated identity)

• Extended WS-Security support

New and Changed Features – Security Administration

In PeopleTools 8.50 we have added additional hardening features to mitigate abusive access attempts and to reduce data leakage.

• Decoupled PS_HOME

• Server based anti-virus

• Background tasks to remove orphan files on the web server / app server, mitigating data leakage

• Mitigation of abusive access attempts (bot based)
– Configurable error messages for incorrect login, reducing data leakage (attackers use differing error messages to refine their attempts, for example to tell a valid user ID from an invalid one)
– Throttling invalid access attempts

• Reducing false positives from threat analysis (customers are using more of these threat analysis tools)
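The two bot-mitigation points above (one generic login error, throttling of invalid attempts) are easy to get subtly wrong: a different message or a measurably different response time for an unknown user ID still lets an attacker enumerate accounts, and a throttle that only counts per source address is trivially spread across a botnet. The following is an added illustration of both controls, not PeopleTools code; the message text, thresholds, user store and clock are constructed for the demonstration.

```python
"""Login throttling with one generic failure message and constant-cost
password checks. Added illustration, not PeopleTools code. User store,
message text, thresholds and the injectable clock are constructed.
"""
import hashlib
import hmac
import os
import time
from collections import defaultdict, deque
from typing import Callable, Deque, Dict, Optional, Tuple

GENERIC_MSG = "Your User ID and/or Password are invalid."   # identical for every failure cause
WINDOW_SEC = 300        # failures are counted inside this window ...
MAX_FAILURES = 5        # ... and this many of them trigger a lock-out
LOCK_SEC = 900          # lock-out length (assumed values)
PBKDF2_ROUNDS = 20_000


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


_SALT = os.urandom(16)
USERS: Dict[str, Tuple[bytes, bytes]] = {           # constructed user store
    "JSMITH": (_SALT, _hash("correct horse battery", _SALT)),
}
# Hashed against when the user ID does not exist, so an unknown ID costs the
# same time as a known one and cannot be told apart by response latency.
_DUMMY = (b"\x00" * 16, _hash("unused", b"\x00" * 16))


class LoginGuard:
    def __init__(self, now: Callable[[], float] = time.monotonic) -> None:
        self.now = now
        self.failures: Dict[Tuple[str, str], Deque[float]] = defaultdict(deque)
        self.locked_until: Dict[Tuple[str, str], float] = {}

    def is_locked(self, ip: str, user_id: str) -> bool:
        return self.locked_until.get((ip, user_id.upper()), 0.0) > self.now()

    def attempt(self, ip: str, user_id: str, password: str) -> Tuple[bool, Optional[str]]:
        """Return (success, message). The message never reveals why it failed."""
        t = self.now()
        key = (ip, user_id.upper())
        if self.is_locked(ip, user_id):
            return False, GENERIC_MSG          # no hint that throttling kicked in
        salt, stored = USERS.get(key[1], _DUMMY)
        same = hmac.compare_digest(_hash(password, salt), stored)   # always computed
        if same and key[1] in USERS:
            self.failures.pop(key, None)
            return True, None
        window = self.failures[key]
        window.append(t)
        while window and window[0] < t - WINDOW_SEC:
            window.popleft()                   # forget failures outside the window
        if len(window) >= MAX_FAILURES:
            self.locked_until[key] = t + LOCK_SEC
            window.clear()
        return False, GENERIC_MSG


if __name__ == "__main__":
    guard = LoginGuard()
    for pw in ["wrong"] * MAX_FAILURES + ["correct horse battery"]:
        print(guard.attempt("198.51.100.9", "jsmith", pw))
```

The key is (source address, user ID) so that one attacker cannot lock out a user for everyone, but a production guard also needs a per-user counter across all addresses and a global rate limit, otherwise a distributed bot stays under the per-address threshold; the slide’s throttling is the second of these and the generic message the first.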

User-Level SAML Security for Web Services

SAML Security Support

• Description

• Business Need and Benefits

• Setup and Process

SAML Support – Description

• With PeopleTools 8.50, you can now secure web services using SAML, providing greater flexibility and granularity. This is based on node-to-node certificate trust.

Note: This is NOT SAML support for user authentication, nor an integration with identity federation. SAML is a standards-based token format, not a single fixed token, and SAML is not synonymous with identity federation.

SAML Support – Business Need and Benefits

• PeopleSoft can now verify user IDs included in the SOAP header or associated with a node definition before invoking a web service request. The user ID must be defined in the system as a valid PeopleSoft ID, and, as with any other user ID in the PeopleSoft system, the user ID gains access to system resources through permission lists.

• The Web Services page in the permission lists component enables you to assign web service permissions to user IDs.
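The sequence the slide describes, assertion in the WS-Security header, subject mapped to a PeopleSoft user ID, access decided by that user’s permission lists, is shown below as an added illustration; it is not PeopleTools code. It assumes SAML 2.0 assertion syntax, constructed issuer/node names, a constructed user-to-permission-list table, and a fixed clock. Verifying the XML-Signature against the issuing node’s certificate (the "node-to-node certificate trust" of the previous slide) is out of scope here and has to succeed before any of these checks mean anything, since without it every field below is attacker-chosen.

```python
"""Check an inbound SAML assertion from a WS-Security SOAP header and map
its subject to a PeopleSoft user ID and permission lists.

Added illustration, not PeopleTools code. SAML 2.0 syntax, issuer/node
names, the user and permission-list tables, and NOW are all constructed.
XML-Signature verification is deliberately out of scope (do it first).
"""
from datetime import datetime, timedelta, timezone
from typing import Dict, Set, Tuple
import xml.etree.ElementTree as ET

NS = {
    "soap": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
TRUSTED_ISSUERS = {"PSFT_HR_NODE"}       # assumed: issuers whose certs are trusted nodes
OUR_AUDIENCE = "PSFT_PORTAL_NODE"        # assumed: this node's name

# Constructed stand-ins for user -> permission lists -> permitted web services.
USER_PERMISSION_LISTS: Dict[str, Set[str]] = {"JSMITH": {"COB_SELF_SERVICE"},
                                              "BJONES": {"COB_VIEW_ONLY"}}
PERMISSION_LIST_SERVICES: Dict[str, Set[str]] = {"COB_SELF_SERVICE": {"EMPLOYEE_ADDRESS_UPDATE"},
                                                 "COB_VIEW_ONLY": set()}
TS_FMT = "%Y-%m-%dT%H:%M:%SZ"


def _ts(value: str) -> datetime:
    return datetime.strptime(value, TS_FMT).replace(tzinfo=timezone.utc)


def authorize(envelope_xml: str, service: str, now: datetime) -> Tuple[str, str]:
    """Return ("OK", user_id) or ("DENY", reason) for one inbound request."""
    root = ET.fromstring(envelope_xml)
    assertion = root.find("soap:Header/wsse:Security/saml:Assertion", NS)
    if assertion is None:
        return "DENY", "no SAML assertion in the Security header"
    issuer = assertion.findtext("saml:Issuer", default="", namespaces=NS).strip()
    if issuer not in TRUSTED_ISSUERS:
        return "DENY", f"untrusted issuer {issuer!r}"
    cond = assertion.find("saml:Conditions", NS)
    if cond is None or not cond.get("NotBefore") or not cond.get("NotOnOrAfter"):
        return "DENY", "assertion has no validity window"
    if not (_ts(cond.get("NotBefore")) <= now < _ts(cond.get("NotOnOrAfter"))):
        return "DENY", "assertion outside its validity window"
    audiences = {a.text for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)}
    if OUR_AUDIENCE not in audiences:
        return "DENY", "assertion not addressed to this node"
    uid = assertion.findtext("saml:Subject/saml:NameID", default="", namespaces=NS).strip().upper()
    if not uid:
        return "DENY", "no subject"
    lists = USER_PERMISSION_LISTS.get(uid)
    if lists is None:
        return "DENY", f"{uid} is not a PeopleSoft user ID"
    if not any(service in PERMISSION_LIST_SERVICES.get(pl, set()) for pl in lists):
        return "DENY", f"{uid} has no permission list granting {service}"
    return "OK", uid


def build_envelope(issuer: str, name_id: str, not_before: datetime,
                   not_on_or_after: datetime, audience: str) -> str:
    """Constructed sample request, the shape a calling node would send."""
    return f"""<soap:Envelope xmlns:soap="{NS['soap']}">
  <soap:Header>
    <wsse:Security xmlns:wsse="{NS['wsse']}">
      <saml:Assertion xmlns:saml="{NS['saml']}" Version="2.0" ID="_a1">
        <saml:Issuer>{issuer}</saml:Issuer>
        <saml:Subject><saml:NameID>{name_id}</saml:NameID></saml:Subject>
        <saml:Conditions NotBefore="{not_before.strftime(TS_FMT)}"
                         NotOnOrAfter="{not_on_or_after.strftime(TS_FMT)}">
          <saml:AudienceRestriction><saml:Audience>{audience}</saml:Audience></saml:AudienceRestriction>
        </saml:Conditions>
      </saml:Assertion>
    </wsse:Security>
  </soap:Header>
  <soap:Body><EmployeeAddressUpdate/></soap:Body>
</soap:Envelope>"""


NOW = datetime(2009, 10, 13, 12, 0, 0, tzinfo=timezone.utc)   # fixed clock for the sample


def sample(issuer: str = "PSFT_HR_NODE", name_id: str = "jsmith", skew_min: int = 0,
           audience: str = OUR_AUDIENCE) -> str:
    """Assertion valid for ten minutes around NOW, shifted by skew_min minutes."""
    start = NOW - timedelta(minutes=5) + timedelta(minutes=skew_min)
    return build_envelope(issuer, name_id, start, start + timedelta(minutes=10), audience)


if __name__ == "__main__":
    print(authorize(sample(), "EMPLOYEE_ADDRESS_UPDATE", NOW))
    print(authorize(sample(name_id="bjones"), "EMPLOYEE_ADDRESS_UPDATE", NOW))
```

The order of checks matters: issuer and validity window are rejected before the subject is even looked up, so an unsigned or replayed assertion never reaches the permission-list logic, and a valid assertion for a user who lacks the Web Services page entry for this service is denied exactly as the slide states.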

SAML Support – Setup and Process

Go to SAML Inbound Setup: PeopleTools > Security > SAML Administration Setup > SAML Inbound Setup

Support For Secured FTP (FTPS)

FTPS Support

• Description

• Business Need and Benefits

• Setup and Process


FTPS Support – Description

• In PeopleTools 8.50 we will be introducing support for FTPS using file transfer libraries.

• SFTP is still facilitated using the ftpunx script customization

So when will SFTP be supported … ?

FTPS Support – Business Need and Benefits

• This will provide secured file transfer capability on all platforms

• Although PeopleSoft always assumed that FTP servers would be protected behind corporate firewalls, customers and their auditors have raised concerns

• Corporations are insisting on building security into their infrastructures

FTPS Support – Setup and Process

• Certificate Alias: must be the alias name of a certificate stored in the database (using the PeopleTools Digital Certificates page).

• Verify Host
– 0: Do not verify the server host name.
– 1: Checks that the common name field in the server certificate is non-empty. Does not verify that it matches the host name the client specified.
– 2 (Default): Checks that the host name in the URL matches the common name or Subject Alternative Name field in the server certificate.

• Verify Peer
– False: Do not verify the peer.
– True (Default): Verify the peer. This authenticates the certificate sent by the server.

• SSL Usage Level
– 0 – No SSL: No SSL will be used.
– 1 – Try SSL: Try using SSL, proceed as normal otherwise.
– 2 – SSL for Control: Require SSL for the control connection.
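Only one combination of the settings above actually authenticates the server: Verify Peer = True together with Verify Host = 2. Verify Peer = False accepts any certificate, Verify Host = 0 or 1 accepts a valid certificate issued for some other host, and SSL Usage Level 1 lets an active attacker force the downgrade to clear text. The block below is an added illustration, not PeopleTools code, that maps those settings onto Python’s ssl and ftplib so the weak and the correct contexts can be inspected side by side; transfer() is shown but not executed (no FTPS server offline) and its host, account and paths are placeholders.

```python
"""Map the PeopleTools FTPS settings (Verify Host, Verify Peer, SSL Usage
Level) onto Python's ssl/ftplib. Added illustration, not PeopleTools code.
transfer() is not run here; host, account and paths are placeholders.
"""
import ssl
from ftplib import FTP, FTP_TLS
from typing import Dict, Optional


def ftps_context(verify_host: int = 2, verify_peer: bool = True,
                 cafile: Optional[str] = None) -> ssl.SSLContext:
    """Verify Host 0/1/2 and Verify Peer True/False as an ssl.SSLContext."""
    ctx = ssl.create_default_context(cafile=cafile)   # CERT_REQUIRED + check_hostname=True
    if not verify_peer:
        ctx.check_hostname = False        # must be cleared before verify_mode
        ctx.verify_mode = ssl.CERT_NONE   # any certificate accepted: silent MITM
    elif verify_host != 2:
        # 0: no host check; 1: only "CN is non-empty". The chain is still
        # validated, but a certificate for any other host passes for this one.
        ctx.check_hostname = False
    return ctx


def describe(ctx: ssl.SSLContext) -> Dict[str, object]:
    """The two attributes that decide whether the server is authenticated."""
    return {"verify_mode": ctx.verify_mode.name, "check_hostname": bool(ctx.check_hostname)}


def mitm_resistant(ctx: ssl.SSLContext) -> bool:
    """True only for Verify Peer = True together with Verify Host = 2."""
    return ctx.verify_mode == ssl.CERT_REQUIRED and bool(ctx.check_hostname)


def transfer(host: str, user: str, password: str, remote_name: str,
             local_path: str, ssl_usage_level: int = 2,
             ctx: Optional[ssl.SSLContext] = None) -> None:
    """Upload local_path. SSL Usage Level as on the slide: 0 plain FTP,
    1 'Try SSL', 2 SSL required on the control connection."""
    ctx = ctx or ftps_context()
    if ssl_usage_level == 0:
        client = FTP(host)                # clear text: password and file exposed
    else:
        client = FTP_TLS(host, context=ctx)
        client.auth()                     # AUTH TLS; raises rather than downgrading.
        # Level 1 ("Try SSL") would catch that failure and reconnect with FTP().
        # An active attacker can provoke exactly that failure, so level 1 is
        # treated like level 2 here.
    client.login(user, password)
    if isinstance(client, FTP_TLS):
        client.prot_p()                   # level 2 covers only the control channel;
                                          # PROT P puts the file data under TLS too
    with open(local_path, "rb") as fh:
        client.storbinary(f"STOR {remote_name}", fh)
    client.quit()


if __name__ == "__main__":
    for label, ctx in [("default", ftps_context()),
                       ("verify_host=1", ftps_context(verify_host=1)),
                       ("verify_peer=False", ftps_context(verify_peer=False))]:
        print(label, describe(ctx), "MITM-resistant:", mitm_resistant(ctx))
```

The slide lists SSL Usage Levels 0 to 2, all of which leave the data connection in the clear; the PROT P call in transfer() is what a practitioner should expect of the library before auditors sign off on "secured file transfer".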

Native Integration: Oracle Access Manager

Oracle Access Manager – PeopleSoft Native Support

• Business Benefits
– This feature provides check-box configuration for OAM with PeopleSoft

• Business Need/Business Benefits
– This feature will simplify adoption of OAM by PeopleSoft customers

Note: With the release of PeopleTools 8.50, PeopleSoft will be dropping native support for OSSO (Oracle Single Sign-On)

Support for Transparent Data Encryption (TDE) and Database Vault

TDE and Database Vault Support

• While customers have implemented TDE and Database Vault with PeopleSoft before, this feature provides support for install and upgrade

• Transparent Data Encryption

• Oracle Database Vault

Data Encryption Challenges

• Meeting Regulatory Requirements surrounding Data protection of PII data.

– In recent years there have been numerous incidents of identity theft and credit card fraud resulting in damages reaching into the tens of millions of dollars.

– Protecting against these types of threats requires security solutions that are transparent by design.

– Universities and health care organizations are tightening security around personally identifiable information (PII) such as social security numbers while retailers are working to comply with PCI-DSS requirements.


Transparent Data Encryption – TDE Benefits

• What are the benefits of using Transparent Data Encryption (TDE)?

– TDE is application transparent:
• No views required
• Application logic performed through SQL will continue to work
• Transparent key management and separation of duty
• Manages the encryption keys transparently
• Encrypts the index value associated with a given application table

– Regulatory compliance
• Media protection (for data at rest): disk drive replacement or backup tapes

– Low implementation costs:
• No database triggers or views required
• Index support for equality searches

Database Vault Support

• There is no explicit integration between PeopleSoft and the Oracle Database Vault feature.

• Templates for Database Vault rule sets which can be used with a PeopleSoft installation have been developed and posted on the Oracle Technology Network (OTN):
http://www.oracle.com/technology/software/products/database_vault/index.html
– Database Vault 9.2.0.8 security policies for PeopleSoft
– Database Vault 10.2.0.3 security policies for PeopleSoft

• The Database Vault 10.2.0.3 security policies for PeopleSoft can also be used for 11g

• Separate templates exist for each version of Oracle where Database Vault is supported. These templates are applicable to the following PeopleSoft releases: PT8.2x, PT8.4x and beyond

Data Vault Support – PeopleSoft Realm

• This realm protects business data against unauthorized access by privileged users. It protects all objects owned by the PeopleSoft Access ID, in addition to some PeopleSoft database roles. Access to this realm is granted to the PeopleSoft Access ID as well as to the user PSFTDBA.

• The user PSFTDBA is a new user designed to do administration activities on the PeopleSoft applications (such as patching), but it is not allowed to access business data inside the PeopleSoft applications.

• The PeopleSoft Access ID authorization is restricted to specific processes. This is enforced through the PeopleSoft Access Rule Set.

http://www.oracle.com/technology/software/products/database_vault/index.html (see link for “Database Vault 10.2.0.3+ and 11.1.0.6+ security policies for PeopleSoft”)

Data Vault Support – Regulatory Mapping

Oracle Database Vault can be used to help fulfill various compliance related requirements; Database Vault (DBV) can help mitigate the risks of the following regulations at the data tier level:

Regulatory Legislation                 | Regulation Requirement                               | Does DBV mitigate this risk?
Sarbanes-Oxley Section 302             | Unauthorized changes to data                         | Yes
Sarbanes-Oxley Section 404             | Modification to data, unauthorized access            | Yes
Sarbanes-Oxley Section 409             | Denial of service, unauthorized access               | Yes
Gramm-Leach-Bliley                     | Unauthorized access, modification and/or disclosure  | Yes
HIPAA 164.306                          | Unauthorized access to data                          | Yes
HIPAA 164.312                          | Unauthorized access to data                          | Yes
Basel II – Internal Risk Management    | Unauthorized access to data                          | Yes
CFR Part 11                            | Unauthorized access to data                          | Yes
Japan Privacy Law                      | Unauthorized access to data                          | Yes

Decouple and Secure PS_HOME

Feature Overview

• AppServer and PRCS domain configuration outside PS_HOME

• Supports existing behavior, but not as the default

• Allows customers to:
– Deploy a secure-by-default environment
– Minimize disk space by sharing PS_HOME
– Apply patches more easily
– Reduce administration overhead

• No impact to Web Server (PIA) deployment

Secure PS_HOME Overview

• Install PeopleTools using an admin account, making the directory tree read-execute only

• Create and start domains using a restricted account which cannot write to PS_HOME

• Achieved using:
– Management of users and groups
– Root / sudo access
– Network drives on Windows

• The technique used should be suited to the security processes of the organization in question

Secure PS_HOME

• PeopleSoft applications no longer write to PS_HOME at runtime; all writes now go outside PS_HOME

• Installation should be performed by an admin user who can restrict write access to the PS_HOME directory tree
– On UNIX this may be achieved using umask settings
– On Windows this is achieved by installing with an admin account

• Due to differences between the user and security models on UNIX and Windows, the steps taken are quite different

So it can be Secured …

And also Shared …

Sys Admins – Action Items

1. Review System and Server Administration PeopleBooks

2. Identify post-installation customizations required => ensure these are done using the installer admin account

3. Decide on whether to deviate from the default PS_CFG_HOME

4. Test the environment to verify security

5. Identify and resolve any problems
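Action item 4, testing that the environment is actually secured, comes down to two checks: no entry under PS_HOME carries a write bit the runtime account could use, and PS_CFG_HOME (where domains, logs and caches now live) sits outside the PS_HOME tree. The following is an added illustration of those checks and of the hardening step that precedes them; it is not Oracle’s installer or tooling. The install tree it builds is constructed in a temporary directory with placeholder file names, and it deals in POSIX mode bits only (the Windows ACL approach the slide mentions is a separate exercise).

```python
"""Harden and audit a decoupled PS_HOME: no write bits in the install tree,
and PS_CFG_HOME outside it. Added illustration, not Oracle tooling.
The sample tree is constructed in a temp dir; names are placeholders.
"""
import os
import stat
import tempfile
from pathlib import Path
from typing import List

WRITE_BITS = stat.S_IWUSR | stat.S_IWGRP | stat.S_IWOTH


def harden_ps_home(ps_home: Path) -> int:
    """Strip every write bit under ps_home (run as the installer/admin account
    after post-install customisations). Returns the number of entries changed."""
    changed = 0
    entries = [ps_home, *ps_home.rglob("*")]   # listed before any directory goes r-x
    for p in entries:
        if p.is_symlink():
            continue                            # never follow links out of the tree
        mode = p.stat().st_mode
        if mode & WRITE_BITS:
            os.chmod(p, mode & ~WRITE_BITS)
            changed += 1
    return changed


def writable_entries(ps_home: Path) -> List[str]:
    """Audit: relative paths of files/dirs that still carry any write bit."""
    bad = []
    for p in [ps_home, *ps_home.rglob("*")]:
        if p.is_symlink():
            continue
        if p.stat().st_mode & WRITE_BITS:
            bad.append(str(p.relative_to(ps_home)))
    return sorted(bad)


def cfg_home_is_outside(ps_home: Path, ps_cfg_home: Path) -> bool:
    """Domain config, logs and caches must not be placed inside PS_HOME,
    otherwise the runtime account needs write access to the install tree."""
    try:
        ps_cfg_home.resolve().relative_to(ps_home.resolve())
        return False
    except ValueError:
        return True


def build_sample_ps_home() -> Path:
    """Constructed install tree in a temp dir, writable as an installer leaves it."""
    root = Path(tempfile.mkdtemp(prefix="ps_home_"))
    for rel in ["bin/psadmin", "appserv/psappsrv.ubx", "class/psjoa.jar"]:
        f = root / rel
        f.parent.mkdir(parents=True, exist_ok=True)
        f.write_text("placeholder\n")
    return root


def mark_writable(path: Path) -> None:
    """Simulate a file left owner-writable by a customisation done wrongly."""
    os.chmod(path, path.stat().st_mode | stat.S_IWUSR)


if __name__ == "__main__":
    home = build_sample_ps_home()
    print("hardened entries:", harden_ps_home(home))
    print("still writable:", writable_entries(home))
    print("PS_CFG_HOME outside PS_HOME:", cfg_home_is_outside(home, home.parent / "ps_cfg_home"))
```

Run the audit as a scheduled job as well as after installation: the slide’s point is that nothing should write to PS_HOME at runtime, so any entry that reappears in writable_entries() after go-live is either a patch applied with the wrong account or something worth an incident ticket.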


Security: Other Features

Other Features

• ADAM (AD LDS) Support

• JNDI replacing LDAP libraries

• Securing Server Based File Directories

• PIA Hardening

• MCF/CTI
– Presence
– UAD
– CTI Applet
– Genesys

More Information

• PeopleTools Strategy eMail: [email protected]

• PeopleTools on Oracle Wiki: http://wiki.oracle.com/page/PeopleSoft

• PeopleSoft discussion forums: http://forums.oracle.com/forums/category.jspa?categoryID=152

• PeopleTools Blog landing page: http://blogs.oracle.com/peopletools

• Open Group Jericho Forum "de-perimeterization": http://www.opengroup.org/jericho/deperim.htm

• Oracle’s Critical Patch Update: http://www.oracle.com/security/critical-patch-update.html

More Information – Not getting Security and other Alerts?

Go to OTN – Oracle Technology Network: http://www.oracle.com/technology/index.html

1. Look at the upper right hand corner (Account | Manage Subscriptions | Sign Out). Make sure you’re logged in.

2. Click on “Manage Subscriptions”.

3. Scroll down to “Opt-in to Oracle Communications”.

4. Check the box for “Oracle Security Alerts – Get the latest Security Alerts issued by Oracle as they become available” ... and any other alert or newsletter you want to receive.

5. Scroll down to the end of the page and “Confirm”.

More Information

• FMW Best Practice Center for PeopleSoft: http://www.oracle.com/technology/tech/fmw4apps/peoplesoft

• PeopleSoft Tools and Technology: http://www.oracle.com/technology/products/applications/peoplesoft_ent/

• PeopleSoft Technology Blog: http://blogs.oracle.com/peopletools/

• Fusion Middleware @ oracle.com: http://www.oracle.com/fusion

• Fusion Middleware @ OTN: http://www.oracle.com/technology/products/middleware

• FAQ: Using PeopleSoft Enterprise with Oracle Technology Components: http://www.peoplesoft.com/corp/en/iou/red_papers/index.jsp

Additional Resources

• For more information about Oracle Applications: http://www.oracle.com/us/products/applications/peoplesoft-enterprise/index.htm

• For more information about Education: http://www.oracle.com/education/index.html

• For more information about Support: http://www.oracle.com/support/

• For MetaLink information: https://metalink.oracle.com/CSP/ui/index.html

• For Oracle Product documentation: http://www.oracle.com/applications/peoplesoft/tools_tech/ent/index.html

• Certification Information: https://metalink3.oracle.com/od/faces/secure/km/DocumentDisplay.jspx?id=747587.1

• Technical Updates: https://metalink3.oracle.com/od/faces/secure/km/DocumentDisplay.jspx?id=764222.1