Sun has launched a new identity manager product, Sun Roles Manager, to help users manage risk and meet compliance mandates.

The software is Sun's first release arising from its November 2007 acquisition of Vaau. The product, called Vaau RBACx before the acquisition, lets users manage identities, including validating role definitions. The software also will continually compare user access privileges to assigned exceptions and log the actual resources the user is accessing.

Roles Manager includes role certification by role owners, approval workflow and role consolidation, as well as an analytics engine and activity monitoring features.

Sun says Roles Manager is the first in a series of new products that will be added to its identity management portfolio over the next 12 months.

The company did not disclose specific details about forthcoming products. But company officials say they plan to also work with partners and systems integrators to help extend the Sun platform, as well as develop new Sun identity products and acquire additional companies. Sun plans to focus on access management, federation, web services security and auditing to extend its current identity management wares while incorporating governance, risk and compliance (GRC).

The company is following a trend to bolt GRC onto identity and access management and meld IT efforts with business requirements around compliance and risk.

"Any organisation that is embarking on a top level GRC strategy has to have the functions of identity management and roles management along with access certification," says John Barco, director of the identity portfolio for Sun. "Those are the core fundamental pieces that business and IT architecture have to have aligned across all the business unites before they can do any other part of their programs."