An Overview of the Id Governance Framework

The secure and appropriate exchange of identity-related information between users and applications and service providers (both internal and external) is the basis of providing deeper and richer functionality for service-oriented architecture.

Sensitive identity-related data such as addresses, social security numbers, bank account numbers, and employment details are increasingly the target of legal, regulatory, and enterprise policy. These include, but are not limited to, the European Data Protection Initiative, Sarbanes-Oxley, PCI Security standard, and Gramm-Leach-Bliley as examples.

The Id Governance initiative assists entities managing identity data with increased transparency and demonstrable compliance with respect to policies for identity-related data. It would allow corporations to answer questions such as: Under what conditions may user social security numbers be accessed by applications? Which applications had access to customer account numbers on January 27, 2007?