The Identity Services are accessible via SOAP/WSDL and REST.
Basically, no difference from those offered by Policy Agent:
- Authentication and Single Sign-on — Verification of user credentials
- Authorization — Permission for authenticated users to access secured resources
- Provisioning — Creation, deletion, search, and editing
- Log — Ability to audit and record operations
The only difference is developers have to code by themselves to achieve the above 4 functionalities.
More flexibility if you look at it positively. Of course, more effort required.