Resilience Isn’t Free: What Standards Can (and Can’t) Prepare Us For
“We’ve all heard the calls for more resilient digital identity systems.”
Heck, I covered that in the blog posts I did a few weeks ago on centralization vs. decentralization. Resilience is on my list of the top ten buzzwords of the year. Whether we’re looking at geopolitical turmoil, AI disruption, or yet another IdP outage, it’s clear that the infrastructure we’ve relied on for decades is straining under new (and not-so-new) pressures.
The catch to this demand, however, is that resilience is expensive. And in standards development, it’s often treated like it’s free.
Identity professionals usually talk about resilience as a technical or operational problem: how to recover when something fails. In my early days as a sys admin, disaster recovery and business continuity were my jam, so I get it. But from a standards and governance perspective, I keep coming back to a different question:
What kinds of resilience are current standards actually enabling? And where are we still pretending flexibility comes without cost?
oooooh, hard question!
Resilience is the wrong word if you can’t afford to change
Most modern identity standards build in some notion of flexibility. You’ll find language about “pluggable” trust frameworks, revocable credentials, and multi-source identity assertions. It all sounds great, on e-paper.
But in practice, very few implementers can afford to build and maintain all the branches that the standards suggest. Most systems implement the bare minimum required to pass a test suite (please tell me there is a test suite) or ship a product. The more complex the flexibility, the less likely it will be used or maintained.
This tension came up repeatedly in my recent blog series on centralization and decentralization. It’s not that one model is better than the other; it’s that resilience requires the ability to shift between these architectures. Shifting means you need a governance structure that can manage both states, not just technical plumbing that supports a theoretical toggle.
Governance is expensive, as is testing rarely used failover paths. Yet we talk about flexibility as if it’s a universal good. It’s not. It’s a luxury, and we need to be honest about that.
Most standards assume stable trust anchors
I want to be clear: assuming stability isn’t inherently bad. The Internet only works because we assume certain things, like DNS will resolve, certificates will validate, and revocation servers will be online. “Turtles all the way down,” as the saying goes. If you don’t trust anything at all, then you cannot actually use the Internet.
But most identity standards still assume that key pieces of the trust chain are always available and operating neutrally. Whether it’s SAML federation metadata, OpenID Connect trust frameworks, or verifiable credential issuers and resolvers, there’s usually no plan B.
When systems fail due to policy shifts, infrastructure outages, or organizational collapse, the standard itself rarely provides fallback guidance. At best, you’ll get some MAY clauses. More often, it’s left to implementers to figure out what to do when their trust anchor disappears.
Some specs (notably in the decentralized identity world) are starting to grapple with this. But many others still reflect a stable-world mindset. That’s a mismatch for the world we’re actually living in.
Delegation, AI agents, and identity sharing are afterthoughts
What makes me sad is that we, the people working in tech, knew these problems were coming, and we kicked the can anyway.
Delegation has been a known issue in identity for years. We’ve seen efforts like User-Managed Access (UMA) define how to handle “on-behalf-of” scenarios, layered roles, and AI agent use cases. But they’ve remained niche, partly because the implementation complexity is real, and partly because the incentives haven’t been there.
Now we’re scrambling to retrofit standards that were never designed to handle autonomous agents, shared credentials, or multi-party authorization flows. And we’re trying to do it without breaking existing infrastructure that assumed a much simpler world.
If we want identity infrastructure that can survive the next decade, we have to stop treating delegation and agentic identity as edge cases. They’re central to how identity will work going forward, and they’re crucial to any conversation about long-term resilience.
There’s no such thing as neutral infrastructure
Let’s talk about government-issued credentials.
They’re often framed as the gold standard for trust, and for many high-assurance use cases (finance, travel, health), they are. But they’re also highly contextual. They encode the priorities, capabilities, and politics of the issuer. Not everyone trusts their government. Not every government trusts other governments. And not every global corporation can figure out how to deal with all the government requirements, especially when governments contradict each other.
A system that assumes government credentials are always the best option risks becoming brittle. What happens when a user doesn’t have access to those credentials? Or when the trust in a government changes?
The DC API
This question is playing out in real time in the standards world. A recent discussion about the Digital Credentials API in the W3C’s Federated Identity Working Group points out that not all wallets are created equal, and neither are the governance models behind them.
A government-issued wallet may want to authorize verifiers through its own mechanism, asserting tight control over how its credentials are used. A browser acting as an intermediary might conflict with that, unless a protocol allows the wallet to enforce its preferences. But for other, non-government wallets, such as those used in enterprise, education, or social scenarios, the browser might be the only line of defense, especially where verification risk is low and wallet quality varies.
This is where the fiction of neutrality breaks down. When browsers or OS platforms decide how wallets should behave, who gets trusted, and what protocols are supported, they stop being passive conduits and start shaping the structure of the ecosystem. And that has consequences for which identity models can thrive. (To be fair, I’m not sure they have a choice, given how they are held liable when things break down, but it’s still a matter of consequences.)
Resilience, then, isn’t just about supporting many wallets. It’s about enabling multiple trust frameworks to coexist, even when their needs are in tension.
That means standards shouldn’t default to one “gold standard” credential or wallet model. They should support a plurality of issuers, governance structures, and levels of assurance, because no single model is durable enough to anchor every identity system, everywhere, forever. No one is going to “win” the wallet wars.
If resilience is the goal, we need better defaults
We often measure the success of a standard by how widely it’s adopted. And that makes sense; if no one uses it, it doesn’t matter how flexible or forward-looking it is.
But in a world where trust assumptions are increasingly unstable, we also need to ask:
Can this standard still function when the environment shifts? Can it support multiple deployment models? Multiple trust anchors? Conflicting governance approaches?
Adoption is essential, but it’s not enough. Standards that can’t adapt get ripped out when the world changes, assuming we pay the technical debt. That might not happen in year one. But over time, brittle assumptions break, and infrastructure that once seemed “standard” adds to the debt that’s breaking our industry.
If resilience is the goal, we need better defaults:
- Defaults that don’t assume the trust anchor is always online.
- Defaults that let delegation and AI participation evolve without rewriting the spec.
- Defaults that recognize different types of wallets, verifiers, and issuers will operate under different rules, but they still need to work together.
And maybe we also need more standards participants with risk assessment experience (please and thank you), so we can start designing for volatility from the beginning, not just retrofitting it later.
Wrapping up
I’m not arguing that we need to abandon federation or centralized identity, or that VCs are the answer to everything. I’m arguing that we need to stop building identity infrastructure that assumes everything will go right.
Resilience isn’t about architectural preference. It’s about designing for a world where the map keeps changing. If we want our standards to hold up under pressure, we need to stop pretending that flexibility is free and start deciding where we’re willing to invest.
Because trust might be turtles all the way down, but someone still has to check on the turtles.
Transcript
(00:00) Let’s talk about one of the most common words in tech media today: resilience.
(00:37) In 2025, it’s everywhere. But when it comes to digital identity systems, what does resilience actually mean—and perhaps more critically, who pays for it?
(00:51) Many assume resilience just means flexibility. But building flexible systems isn’t cheap. Flexibility costs money, and lots of it.
Flexibility on Paper vs. Resilience in Practice
(01:13) Most modern identity standards suggest adaptability. For example:
- Pluggable trust frameworks
- Support for multiple issuers
- Credential revocation paths
- Selective disclosure mechanisms
(01:41) These sound like flexible, future-ready systems. But in practice, most implementers don’t have the budget, time, or political will to build beyond what’s required today.
(02:10) When deadlines loom or audits approach, resilience features—fallback flows, delegation models—often get cut. They’re seen as luxuries, not priorities.
(02:27) The result? When a major provider goes offline, everyone scrambles to fix what should have been planned for.
Resilience Requires Planning for Change
(02:46) In earlier blog posts on centralization and decentralization, I made the case that resilience isn’t just about choosing one architecture. It’s about adapting between models as conditions shift.
(03:08) But those shifts require governance, testing, and long-term maintenance—and few standards talk about that part.
What Happens When Trust Anchors Fail?
(03:18) Most identity standards assume certain things are stable: DNS, certificate authorities, federation metadata, DID resolvers.
(03:45) And most of the time, that’s a fair assumption. But not always. Trust anchors wobble—frameworks get deprecated, registries go dark, support drops.
(03:56) What happens to the systems that depend on them?
(04:06) Often, nothing is specified. The standard assumes uptime, not failure. Resilience needs to plan for volatility, not just stability.
Real-World Examples of Fragility
(04:24) Consider some common standards:
- OpenID Connect Federation: Trust chains fail if any node is unreachable
- SAML: Metadata URLs are assumed always available
- Verifiable Credentials: Depend on persistent, resolvable identifiers
(04:59) These aren’t bad standards. They’re doing critical work. But they often lack mechanisms for handling breakage—when, not if, it happens.
Delegation Is a Core Identity Requirement, Still Underserved
(05:06) Delegation is a cornerstone of identity. We’ve known this for years.
(05:11) Parents act for children. Executives delegate to assistants. Spouses share insurance logins. Healthcare proxies access private records.
(05:30) And now, we’re adding AI agents to the mix—bots booking appointments, filling forms, accessing systems.
(05:46) Most identity systems don’t handle this. There’s no consistent model for “on behalf of,” no standardized scoping, and no way to validate consent.
(06:06) UMA (User Managed Access) aimed to solve some of this. But it remains niche—important, yes, but far from mainstream.
(06:21) Now we’re stuck retrofitting delegation into systems that weren’t designed for multi-actor flows or digital intermediaries.
Wallet Diversity: Who Governs the Gate?
(06:45) One of the most timely conversations today is about wallet governance.
(06:55) In the W3C’s Federated Identity Working Group, Issue #246 asks: how should different wallets—government, enterprise, personal—be treated by browsers and platforms?
(07:16) Should a government wallet control its credential usage? Should browsers enforce a uniform model? It’s complicated.
(07:29) Government wallets have strong policies. Social wallets may offer more flexibility—but with lower assurance.
(07:43) So who decides?
(07:49) When browsers mediate everything, they start shaping governance—intentionally or not. That creates platform lock-in and infrastructure fragility.
(08:01) If your wallet only works on Platform A, but not Platform B, we’re undermining interoperability—and resilience.
Supporting Governance Pluralism
(08:18) True resilience means supporting pluralism—multiple governance models, even conflicting ones.
(08:28) Standards can’t just hope it all works out. They need to explicitly support this diversity, or risk failure as soon as conditions shift.
Measuring Adoption vs. Measuring Adaptability
(08:37) In most standards work, success is measured by adoption.
(09:12) But adoption isn’t the same as resilience. A brittle standard can be widely used—and still collapse when a key component fails or use cases evolve.
(09:20) Conversely, a highly adaptable standard that sees no uptake contributes nothing.
(09:28) We need to measure both adoption and adaptability if we want identity systems that can survive real-world conditions.
Toward Risk-Aware Standards
(09:43) So how do we move forward?
(09:46) One answer: bring more people into standards work who understand risk. Not just technical threats, but governance risk, market volatility, and long-term trust dynamics.
(10:04) Resilient standards aren’t paranoid—they’re durable.
The Real Cost of Resilience
(10:18) Digital identity resilience requires:
- Flexibility, but not as an afterthought
- Fallback paths and pluralist design, not idealized assumptions
- A willingness to acknowledge the cost of preparation—and invest in it
- A design approach that accepts the world won’t always cooperate
(10:28) We don’t have to throw out everything we’ve built. But we do have to ask what breaks when things shift—and what we’re willing to invest to prevent that.
Final Thoughts
(10:38) Thanks for listening. If this got you thinking, I’d love to hear from you. Reach out on LinkedIn or check out the written version at sphericalcowconsulting.com.
(10:57) And if this helped make identity just a little clearer—or at least more interesting—consider sharing it with a friend or colleague. See you in the next episode.
