Over the past few days, we’ve witnessed a thoughtful discussion between identity experts on a simple but important question: what’s really holding back identity reuse across organizations?
It started from a familiar frustration:
Most large organizations have already spent millions verifying identity.
They’ve collected documents, passed compliance checks, and built high levels of confidence in who their customers are.
And then… that trusted data gets trapped inside a single system.
When a customer moves between business units (or to a partner organization) the process often starts again from scratch. New forms. New verification. New friction.
It’s expensive. But more importantly, it’s inefficient in a way that increasingly feels outdated.
Expectations are changing fast
Governments are rolling out digital identity initiatives that allow people to prove who they are far more seamlessly.
As these experiences reach the market, they’re quietly resetting the baseline for what “good” identity looks like.
When users can prove who they are with a simple tap on their phones, the old model of repeated forms, repeated document uploads, and repeated checks starts to feel increasingly hard to justify.
For organizations, this creates a growing tension:
The cost and friction of re-verification continue to compound, while user expectations move in the opposite direction.
If we already trust the identity data we’ve verified… why can’t it move?
Why federation hasn’t solved this
A recent discussion on Nick’s post surfaced an important nuance.
As Stephen Wilson pointed out, federation has historically struggled in high-assurance environments because it doesn’t reflect how business relationships are actually structured.
Each organization maintains:
- Its own customer relationship
- Its own risk posture
- Its own liability model
And those boundaries are not just technical; they're commercial, regulatory, and operational.
Because of this, large banks, healthcare providers, and governments have often resisted pure federation approaches for identity reuse.
Federation typically tries to bridge trust domains.
But many organizations are understandably reluctant to merge trust boundaries or outsource control of their customer relationships, especially when liability, compliance obligations, and fraud exposure remain firmly their responsibility.
A different model is emerging
Verifiable digital ID takes a different path.
Instead of forcing organizations into shared trust domains, it allows trusted identity data to move while each entity maintains sovereignty.
Each organization can:
- Independently validate the digital ID
- Apply its own policies
- Maintain its own risk controls
This maps much more cleanly to how real-world ecosystems actually operate.
Tim Bouma’s Aeroplan example illustrates the direction of travel well.
Rather than asking every relying party to federate into Aeroplan, Air Canada enables users to carry digital ID credentials between apps and ecosystems.
Different organizations can consume those credentials in different contexts and at different assurance levels.
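To make the model concrete, here is an added example (not code from any of the organizations or people mentioned in this post) in which two relying parties check the same user-held credential, each against its own trust list and its own minimum assurance level. The issuer identifier, claim names, numeric assurance levels and the bare "payload plus Ed25519 signature" format are assumptions made for illustration; real deployments use a standardized credential format.

```javascript
// Added illustration. Issuer ID, claim names and assurance levels are constructed.
const nodeCrypto = require('node:crypto');

// Constructed Ed25519 key pair standing in for the credential issuer.
const issuer = nodeCrypto.generateKeyPairSync('ed25519');

// The issuer signs the claims once; the holder then carries the result anywhere.
function issueCredential(claims, privateKey) {
  const payload = Buffer.from(JSON.stringify(claims));
  const signature = nodeCrypto.sign(null, payload, privateKey);
  return { payload: payload.toString('base64'), signature: signature.toString('base64') };
}

// Each relying party keeps its own trust list and its own minimum assurance level.
function makeRelyingParty(name, trustedIssuers, minAssurance) {
  return function accept(credential, now = Date.now()) {
    const payload = Buffer.from(String(credential.payload), 'base64');
    let claims;
    try { claims = JSON.parse(payload.toString('utf8')); } catch { claims = null; }
    if (claims === null || typeof claims !== 'object') return { ok: false, reason: 'malformed payload' };
    // The claimed issuer only selects a key from the local trust list; nothing
    // else in the payload is believed until the signature verifies.
    const key = trustedIssuers.get(claims.iss);
    if (!key) return { ok: false, reason: `issuer not trusted by ${name}` };
    const sig = Buffer.from(String(credential.signature), 'base64');
    if (!nodeCrypto.verify(null, payload, key, sig)) return { ok: false, reason: 'bad signature' };
    // Local policy, applied after verification. Missing fields fail closed.
    if (!(claims.exp > now)) return { ok: false, reason: 'expired' };
    if (!(claims.assurance >= minAssurance)) return { ok: false, reason: `assurance too low for ${name}` };
    return { ok: true, subject: claims.sub };
  };
}

// Two organizations, two separate trust lists, two different thresholds.
const bank = makeRelyingParty('bank', new Map([['did:example:issuer', issuer.publicKey]]), 3);
const loyaltyApp = makeRelyingParty('loyalty-app', new Map([['did:example:issuer', issuer.publicKey]]), 1);

const credential = issueCredential(
  { iss: 'did:example:issuer', sub: 'user-123', assurance: 2, exp: Date.now() + 3600000 },
  issuer.privateKey);

console.log(loyaltyApp(credential)); // accepted under the loyalty app's policy
console.log(bank(credential));       // rejected under the bank's stricter policy
```

Neither relying party contacts the other or the issuer at verification time; the only shared element is the issuer's public key, which each one chose to trust on its own.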
The real unlock
The opportunity isn’t “single sign-on everywhere.”
It’s portable, user-held, cryptographically verifiable data that organizations can trust, without restructuring their commercial relationships.
And increasingly, what we’re seeing in the market is this:
The near-term opportunity isn’t replacing existing identity systems; it’s enabling organizations to consume trusted credentials (PID, attestations, etc.) and derive purpose-specific credentials for their own ecosystems.