CIAM
IAM
WIAM
Oracle as a vendor
would emphasise
an integrated
Oracle OCI and
solution – which can
On-Prem
be good (single throat
OAuth2 and
CA: Oracle has a
to choke, optimised
Identity:Oracle’s
PQC Readiness:Oracle, integration) or
cloud Certificate
Identity Cloud (IDCS)
Service (OCI
as a database and Java challenging (less
is an OAuth2/OpenID
Certificates) that
provider, is very involved modular).
Connect provider. They
lets you create
in PQC. They
Compliance: Oracle
can manage user
announced postprivate CAs and
Cloud has IRAP
identities and issue
quantum crypto in Java assessments and is
issue TLS
tokens. For machine
24 (which will be used in ramping up for
certificates . It
identity, Oracle could
supports custom
many enterprise
government clients.
extend that – for
subject names
systems). Oracle has
Oracle would need to
example, Oracle’s API
and extensions,
also worked on PQC in
ensure their handling
Gateway can require
since you can
TLS and their database of health data meets
mTLS and then use
supply CSRs. So
security. While Oracle
Australian privacy
Oracle IDCS to mint
technically, Oracle
Cloud hasn’t made public and security
tokens. Oracle has
Cloud can host a
statements as visible as requirements. On
experience in health
CA for us and
AWS or Entrust, they
interoperability,
(they own Cerner now,
issue certs with
follow the NIST
Oracle’s products
a healthcare IT
Oracle HPI-O (the CSR
standards closely. Likely, support standards but
company), so they
from our side
OCI’s crypto libraries will sometimes have
might develop healthwould include the
adopt PQC in lockstep
Oracle-specific quirks
specific integrations.
HPI-O extension
with industry. Oracle’s
– we’d need to
It’s feasible to have
and Oracle’s CA
database and hardware ensure whatever
Oracle provide a fullwould sign it).
security modules (like
solution is built is
stack solution: an OCIOracle also still
Cloud OCI Vault) will
using open standards
hosted CA for device
offers legacy onsupport PQC algorithms at the interfaces
identity and an Oracle
prem CA solutions
once standardised. So
(which is a stated
IDCS instance for the
via its Oracle
we can expect by the
goal, so we specify
auth server issuing
Access Manager
time we need it, Oracle’s e.g. OAuth2/OIDC
JWTs with claims.
suite. If needed,
CA and IDCS can use
compliant, JWT RFC
Custom claims like
Oracle could
PQC signatures and TLS compliant, etc.).
HPI-O can be
customise those
(especially since Java will Oracle’s advantage is
configured in IDCS
for health.
have those algorithms
their deep healthcare
tokens (they allow
Oracle’s forte isn’t
built-in, making Oracle’s vertical knowledge
defining custom
PKI alone, but
stack crypto-agile).
via Cerner – they
attributes for
they can certainly
might bring insights
clients/users).
handle it as part of
into integrating with
a larger solution.
EHR systems or
terminology services
(though those are
tangential to auth).
Oracle OCI and
Oracle as a vendor
OAuth2 and
PQC Readiness:Oracle, would emphasise
On-Prem
Identity:Oracle’s
as a database and Java an integrated
CA: Oracle has a
Identity Cloud (IDCS) is provider, is very involved
solution – which can
cloud Certificate
an OAuth2/OpenID
in PQC. They
Service (OCI
be good (single throat
Connect provider. They announced postCertificates) that
to choke, optimised
can manage user
quantum crypto in Java integration) or
lets you create
identities and issue
24 (which will be used in challenging (less
private CAs and
tokens. For machine
many enterprise systems) modular).
issue TLS
identity, Oracle could
. Oracle has also worked Compliance: Oracle
certificates . It
extend that – for
on PQC in TLS and their Cloud has IRAP
supports custom
example, Oracle’s API database security. While
subject names and
assessments and is
Gateway can require
Oracle Cloud hasn’t made ramping up for
extensions, since
mTLS and then use
public statements as
you can supply
government clients.
Oracle IDCS to mint
visible as AWS or Entrust, Oracle would need to
CSRs. So
tokens. Oracle has
they follow the NIST
technically, Oracle
ensure their handling
experience in health
standards closely. Likely, of health data meets
Cloud
can
host
a
AWS
(they own Cerner now, OCI’s crypto libraries will
CA for us and
Australian privacy and
a healthcare IT
adopt PQC in lockstep
issue certs with
security requirements.
company), so they
with industry. Oracle’s
HPI-O (the CSR
On interoperability,
might develop healthdatabase and hardware
from our side
Oracle’s products
specific integrations. It’s security modules (like
would include the
support standards but
feasible to have Oracle Cloud OCI Vault) will
HPI-O extension
sometimes have
provide a full-stack
support PQC algorithms Oracle-specific quirks
and Oracle’s CA
solution: an OCI-hosted once standardised. So we
would sign it).
– we’d need to ensure
CA for device identity
can expect by the time we whatever solution is
Oracle also still
and an Oracle IDCS
need it, Oracle’s CA and built is using open
offers legacy oninstance for the auth
IDCS can use PQC
prem CA solutions
standards at the
server issuing JWTs
signatures and TLS
via its Oracle
interfaces (which is a
with claims. Custom
(especially since Java will stated goal, so we
Access Manager
claims like HPI-O can
have those algorithms
suite. If needed,
specify e.g.
be configured in IDCS built-in, making Oracle’s
Oracle could
OAuth2/OIDC
tokens (they allow
stack crypto-agile).
customise those
compliant, JWT RFC
defining custom
for health. Oracle’s
compliant, etc.).
forte isn’t PKI
attributes for
alone, but they can clients/users).
certainly handle it
as part of a larger
solution.
Oracle’s advantage is
their deep healthcare
vertical knowledge via
Cerner – they might
bring insights into
integrating with EHR
systems or
terminology services
(though those are
tangential to auth).