Related to my post on business context security yesterday is this excellent whitepaper from PirceWaterhouse and Gartner on identity management. They list the following components to an IM solution:

• Enterprise information architecture
• Permission and policy management
• Enterprise directory services
• User authentication
• User provisioning and workflow

I'd add a hearty amen. You can't manage the security of your enterprise in a business context without an enterprise architecture, good policies, global namespaces, the ability to authenticate users systematically, and a good way to manage account provisioning and deprovisioning.