The Identity Governance Framework is an initiative to develop specifications for sharing identity data across heterogeneous applications. The project has the support of identity and access management (IAM) vendors Ping Identity, Sun Microsystems and Securent, as well as CA and Novell. The framework and will eventually be turned over to a standards-setting body, according to Amit Jasuja, vice president of product development for Oracle's security and identity management products.

The Identity Governance Framework (IGF) grew out of Oracle's efforts to integrate identity and access management technology it acquired from Thor Technologies, OctetString and other companies, Jasuja said.

"We realized that a solution that just works with the Oracle stack is not what customers need," he said.

Instead, problems such as and identity theft point to the need for overarching standards that govern all the sensitive data squirreled away in data repositories across an enterprise, such as human resources, customer relationship management and custom-built internal applications. Oracle estimates that between 60 and 80 percent of sensitive data reside in these kinds of repositories, rather than in better protected enterprise databases, he said.

"Finding out where all that information is turns out to be a huge forensic exercise," Jasuja said. "You have to root through every application repository and application logic and code to figure out how the [sensitive data] is being used."