Using Oracle Access Manager with Vordel to manage SOA and Cloud usage

Recently I was setting up the Vordel Gateway with Oracle Access Manager in order to insert OAM session tokens into SOAP messages. For anyone setting this up, I highly recommend the Vordel Oracle Access Manager Integration Guide, which walks through the setup process. It's available on the Vordel Extranet (login required - contact info@vordel.com for details).

The combination of Gateway technology with SSO products is very powerful. But, perhaps even more important, is the fact that Cloud Service Brokers can leverage the tokens issued by SSO products, and make use of an STS (Security Token Service) in order to map them to the tokens understood by cloud providers. This addresses the "Costanza's Wallet" problem, i.e. the proliferation of multiple token types, both within the organization (Kerberos, SSO tokens such as Oracle Access Manager and CA SiteMinder) and Cloud-side (Oauth, OpenID). Cloud Service Brokers are vital for keeping this "golden thread" of identity right from within the organization up to the Cloud-based properties used by that organization. This allows for a reliable audit trail.