IGF addresses that problem by establishing a governance model that allows organizations to create "contracts" between applications and repositories of identity data. The model would cover how data flows within an enterprise and outside the enterprise to supply chain or business partners, he said.

IGF has the following four components:

-- CARML, the Client Attribute Requirement Markup Language, is an XML-based language used by application developers to define contracts that specify how applications can use certain kinds of data.

-- CARML API is an Application Programming Interface that application developers can use to consume identity data in a way that conforms to the policies that govern that data.

-- AAPML or Attribute Authority Policy Markup Language, defines policy rules regarding the use of identity-related information from an identity source.