The Wallets Are Coming – But Are We Ready for What’s Next?
As people like John Bradley and Shannon Roddy have noted in their conference talks earlier this year, the wonderful world of wallets is about to experience some of the growing pains that “traditional” identity federations have been dealing with for decades. When I say traditional, I’m talking about the SAML-based bilateral and multilateral federations that have dominated the Research and Education (R&E) space for years. These federations have served as the backbone for secure access in academic and research settings, but here’s the kicker – the lessons learned from that world aren’t making their way into the commercial or enterprise space.
And we should be concerned about that.
Growing Pains, Version 2.0
Why? Because wallets are about to hit the same hurdles that identity federations have been jumping (or tripping over) for a long time. Things like trust frameworks, governance, funding models, and the thorny question of how to manage identity at scale are all about to come knocking. It’s one thing to issue verifiable credentials, but it’s a whole other beast to manage them securely and efficiently across borders, organizations, and systems.
R&E federations have been there, done that, got the t-shirt, and are still trying to figure out if the t-shirt fits. Or if its even still wearable.
The Disconnect Between Worlds
Here’s where things get tricky: despite the similarities, the experience of the R&E sector – where we find the largest and most active identity federations in the world – isn’t translating to the commercial or enterprise space. The enterprise world, which is now buzzing about digital wallets and verifiable credentials, seems to be missing the memo on the challenges of running federations.
What I tend to hear is “eh, that’s SAML-based. SAML is dead, didn’t you know? The R&E experience couldn’t possibly be relevant to my Very Special use case (that happens to look like a thousand other use cases.”
Identity federation isn’t just about the technology. It’s about building trust between organizations, having a solid governance framework, and making sure there’s a sustainable model to keep the lights on. And right now, most commercial ventures diving into wallets are focusing more on the tech (which, let’s face it, is the shiny part) and less on the less-glamorous, but critical, infrastructure.
The R&E Space is Tired – And Underfunded
Now, let’s talk about the state of the R&E world. It’s tired. Federations are not only underfunded but often stretched to their breaking points. Out of the 76 federations we know about globally, maybe five have the funding and resources to do the innovative work that’s needed to stay ahead. The rest? They’re just trying to keep things running, dealing with legacy systems, and clinging to SAML because it’s the devil they know.
But the reality is that while the federations in R&E have the most experience in dealing with identity at scale, they’re not in a position to help the commercial world solve its wallet issues. And frankly, many of them are struggling to stay relevant as the world moves toward OpenID Connect and verifiable credentials.
What Comes Next?
So, what does this mean for the future of wallets and federations? Well, the commercial world is about to discover that managing digital identity is more than just fancy tech. It’s about trust, governance, and sustainability – all things that the R&E space has been grappling with for years.
The challenge is that while the R&E world has valuable lessons to offer, it may not have the capacity or energy to lead the charge into this next era of digital identity. And without a more collaborative approach that brings together the best of both worlds, we could see a lot of wheel reinvention – and a lot of avoidable mistakes.
In short: the wallets are coming, but are we ready for what’s next? That’s the real question.
If you’re interested in learning more about navigating this process or need support in engaging with standards development, don’t hesitate to reach out. With my experience across various SDOs, I’m here to help guide you through the complexities of Internet standards development.
