Any discussion of identity management should also address how the gathered data is used. The Curion and Business Layers products focus on managing employee identities within a corporation, but ID management shouldn't end there. A broader ID management strategy also covers the identities of customers and business partners.
Most privacy policies look great on paper, but enforcing them is based almost exclusively on the honor system. Should employees in the shipping department have unfettered access to client data such as credit card numbers? In a perfect world, they would only have access to the subset of data -- the shipping information -- relevant to their job: in essence, a data firewall.
Recent events have underscored that the honor system doesn't work at the corporate level. IBM took note of this problem and released TPM (Tivoli Privacy Manager) in late 2002.
Tivoli Privacy Manager is a companion product to TIM (Tivoli Identity Manager) and TAM (Tivoli Access Manager). IBM declined to participate in a review (a new release of TIM and TAM is set for June), but provided us with a TPM demo instead. The demo focused on a Web storefront application, highlighting the integration of TPM and the J2EE storefront application.
When implementing TPM, an administrator maps the entity Java beans that hold sensitive data onto the structure of the privacy policy, which states the appropriate uses of that data. Roles are then defined for accounts and user groups within TPM, and the portions of a dataset that a user's privilege level does not entitle him or her to see are withheld from the results returned. TPM can run as an enforcement engine, or simply as an auditing tool that assesses the current state of policy adherence without blocking anything.
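The mechanism described above (sensitive fields mapped to policy categories, roles granted a set of categories, and an engine that either strips what a role may not see or merely records the violation) is easy to misread as an ordinary access-control list, so here is a small working model of it. This is an added example written for this article, not IBM's TPM code and not the storefront demo; the field names, categories, roles and the sample customer record are all constructed for illustration.

```python
"""Conceptual model of a field-level privacy "data firewall".

Constructed example, not Tivoli Privacy Manager code. It mirrors the
mechanism the article describes: persistent fields are mapped to the
data categories a privacy policy is written in terms of, roles are
granted a set of categories, and the engine either strips disallowed
fields from the result (enforce mode) or returns everything and records
the violations (audit mode). All names below are assumptions.
"""
from dataclasses import dataclass, field

# Step 1: map each persistent field (the entity-bean attribute in a J2EE
# storefront) to the data category the privacy policy talks about.
FIELD_CATEGORIES = {
    "customer_id": "identifier",
    "name": "identity",
    "ship_address": "shipping",
    "email": "contact",
    "card_number": "payment",
    "card_expiry": "payment",
    "order_items": "order",
}

# Step 2: the policy itself: which categories each role needs for its job.
# A category not listed for a role is denied; an unknown role gets nothing.
ROLE_POLICY = {
    "shipping_clerk": {"identifier", "identity", "shipping", "order"},
    "billing_agent": {"identifier", "identity", "payment", "contact"},
    "privacy_auditor": {"identifier"},
}


@dataclass
class Decision:
    record: dict                       # what the caller actually receives
    violations: list = field(default_factory=list)  # what policy forbade


def apply_policy(record, role, mode="enforce"):
    """Filter one record for one role.

    mode="enforce": drop every field the role is not entitled to.
    mode="audit":   return the record unchanged but list every field the
                    role should not have received, for adherence reports.
    A field missing from FIELD_CATEGORIES is unclassified and therefore
    treated as sensitive: the firewall fails closed rather than open.
    """
    if mode not in ("enforce", "audit"):
        raise ValueError(f"unknown mode {mode!r}")
    allowed = ROLE_POLICY.get(role, set())
    out, violations = {}, []
    for name, value in record.items():
        category = FIELD_CATEGORIES.get(name)
        permitted = category is not None and category in allowed
        if permitted:
            out[name] = value
            continue
        violations.append(
            f"role={role} field={name} category={category or 'unclassified'}"
        )
        if mode == "audit":
            out[name] = value   # audit mode observes; it never blocks
    return Decision(out, violations)


# Constructed sample record, as an entity bean would load it from the store.
SAMPLE_CUSTOMER = {
    "customer_id": 1042,
    "name": "A. Example",
    "ship_address": "1 Main St, Springfield",
    "email": "a.example@example.com",
    "card_number": "4111111111111111",
    "card_expiry": "12/27",
    "order_items": ["SKU-7781", "SKU-0032"],
    "loyalty_notes": "VIP",   # deliberately unclassified: must be denied
}

if __name__ == "__main__":
    d = apply_policy(SAMPLE_CUSTOMER, "shipping_clerk")
    print("shipping clerk receives:", sorted(d.record))
    print("withheld:", d.violations)
    a = apply_policy(SAMPLE_CUSTOMER, "billing_agent", mode="audit")
    print("audit findings for billing agent:", a.violations)
```

Run as a script, the shipping clerk receives only the identifier, name, shipping address and order items; the card number, expiry, e-mail and the unclassified `loyalty_notes` field are withheld. The same engine in audit mode returns the billing agent the whole record but reports the three fields the policy did not entitle that role to, which is the "assess the current state of policy adherence" use the article mentions. The important design choice is the fail-closed default: a field nobody bothered to classify is the one most likely to leak, so it is blocked until someone maps it.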
(For more on identity management and privacy, return to "Does identity management clash with privacy?")