“As was pointed out in the sessions, identity is only of value in a particular trust context. You might not trust your stock broker to act as your baby sitter. Or the old favorite, you trust someone not to cheat at cards, but you don’t trust them not to cheat on their spouse. People have extremely complex and dynamic relationships. This contrasts with employees or other narrow role-based users, where the context is singular and relatively static.”
“This isn’t so for you and me. With technology like remote attestation, the trust relationship isn’t just between me and my PC. It is painted as being between my PC and other computers. My PC is supposed to talk to my laptop and they trust each other. But this is ludicrous! My PC has no concept of trust — or at least, until the day I come home from work and my PC and laptop have a marriage certificate proving their undying love for each other, I’m going to remain a skeptic. Only people can create and maintain trust. Computers are neither trusted nor trusting, merely authenticated and authorized. “Trusted computing” in the public context means “distrust strangers”.”
So, Identity Management with automated trust federation may work (to some extent) in a business context, but it will fail completely with consumer roles. If this is supposed to work, anything having to do with people needs to stay in the hands and under the control of the people. You may be able to automate roles, but when it needs to be more fine-grained than that, automation is doomed to fail.