Australians starved of standards-based ID management

08.11.2005
Despite industry efforts to standardize identity management infrastructures, Australia's end-user decisions are still clouded by products with interoperability issues. Hydrasight research director Michael Warrilow said vendors are not doing enough to ensure interoperability. Over recent years, larger players have acquired smaller vendors to build out an identity 'stack' as part of a broader infrastructure.

"Having a good 'story' on security and identity helps the major vendors lock in customers," Warrilow said, adding this lock-in has been focused primarily on internal applications and Web front-ends.

"Vendors need to ensure they focus on moving towards efficient means of allowing trust and passage of information between organizations," he said. "Right now, many organizations are forced to resort to using e-mail to send information, [because] of the minimal identity management required."

On standards, Warrilow said, some - like LDAP - have become "de facto" standards, while others like SAML (Security Assertion Markup Language) have only had moderate take-up.

"What is needed is a way to graduate or increment security, dependent upon the use scenario," he said. "Web services represents our 'best hope' to improve this situation and create loosely-defined trust relationships to allow improved 'federation'."

One organization facing a massive identity management challenge is the NSW government with its efforts to integrate services across departments. A New South Wales Department of Commerce spokesperson said the agencies are very experienced in the offline identity management of their external clients, but there are still many issues involved.