Often I hear these terms used interchangeably. I see them differently. Security services provide the basic building blocks like crypto, hashing etc. Identity Services provide stuff like Enterprise SSO, Audit, Authorization etc. While in Java language there is an admirable collection of APIs/libraries for Security, identity services don't have much.
What do you think? Do you make this distinction?