Figure 2-3 is a block diagram labeled Oracle Security Architecture. It contains, as a first row, a long rectangle with four boxes inside it, above two shorter rectangles, which form a second row.

In the first row's long rectangle are four boxes labeled as follows:

• JAAS Roles, component access controls, Java2 permissions, all handled by Oracle iAS

• Enterprise roles, VPD, Label Security, all handled by Oracle RDBMS

• E-biz responsibilities, all handled by Oracle E-Business Suite

• File privileges, secure mail, interpersonal rights granting, all handled by Oracle Collaboration Suite

In the second row are a long rectangle on the left, labeled Oracle Identity Management Infrastructure, containing six labeled boxes, and a shorter rectangle on the right, containing two labeled boxes.

The long rectangle in the top row is connected to the long rectangle in the bottom row by a double-headed arrow.

The six boxes constituting the Oracle Identity Management infrastructure in the bottom row long rectangle are labeled as follows:

• Delegated Administration Services

• Oracle Certificate Authority

• Provisioning Service

• Oracle Internet Directory

• OracleAS SSO (Single Sign-on)

• Directory Integration Services

The second, shorter rectangle in the second row contains two boxes denoting the connection to third-party services.

OracleAS SSO (Single Sign-on) is connected by a double-headed arrow to the top box in the second rectangle, which is labeled Third-party Authentication Service.

Directory Integration Services is connected by a double-headed arrow to the bottom box in the second rectangle, which is labeled Third-party Directory Service.