Monday 3 October 2011

I say

Former #scmagazineuk Information Security Person of the Year becomes KPMG partner  
Congrats!
What identity management strategies should enterprises deploy for cloud environments?  
I would like to see differing federated identities for differing purposes. I despair at the number of passwords I have to remember. I despair that I have to sign up with password/email/userID credentials on multiple sites. There is no benefit in this for the end user, no benefit for the organisation and no benefit for the consumer. While Twitter OAuth, Google ID and the others mentioned in the article are great, they do rely on having separate identities that ultimately lead back to one.

A better approach would be (could be?) a security ring of IDs. Inner ring: the government stuff and bank accounts. It may be that the paranoid amongst us would prefer to have separate IDs for these, to prevent a single loss ripping out our private hearts. Next ring: the identities that could do me financial harm. Amazon and the plethora of web sites I have a commercial relationship with or where I have submitted my credit card: I don't want to sign up to a web site in order to buy its goods. Next ring: identities that could embarrass me. Facebook, Twitter, LinkedIn. Next ring: identities that I use for fora or subscriptions. Next ring: the anonymous identities I use for making one-off comments on web sites. All that is needed is for more sites to accept federated IDs and for the developer community (e.g. phpBB, open-source CMSs etc.) to support the multiple federated ID models.

Now that's fixed, we can move on to corporate user IDs. A major problem is user attestation, where user accounts are never deleted and user rights are never challenged. This can be addressed by auditing and by team leaders signing off access every six months. No sign-off: no access. Simple. The retail banks do this, so can you.
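The six-monthly attestation rule from the last paragraph, written out as an added example (not code from the post): accounts keep their access only while the named team leader has signed them off within the period, and a sign-off from anyone else, or none at all, disables the account. The account records, names and the 183-day period are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

# Six months expressed in days (assumption; the post just says "every six months").
ATTESTATION_PERIOD = timedelta(days=183)

@dataclass
class Account:
    user: str
    system: str
    team_leader: str               # the one person whose sign-off counts
    last_signoff: Optional[date]   # None: the account was never attested
    enabled: bool = True

def is_attested(acc: Account, today: date) -> bool:
    """True only if a team-leader sign-off is on record within the period."""
    return acc.last_signoff is not None and today - acc.last_signoff <= ATTESTATION_PERIOD

def run_attestation(accounts, signoffs, today):
    """Apply this campaign's decisions, then disable whatever is left unattested.
    signoffs maps (user, system) -> (approver, "keep" | "revoke"). A decision by
    anyone other than the account's team leader is ignored, so it counts as no
    sign-off; no valid recent sign-off means the account is disabled.
    """
    disabled = []
    for acc in accounts:
        approver, decision = signoffs.get((acc.user, acc.system), (None, None))
        valid = approver == acc.team_leader
        if valid and decision == "keep":
            acc.last_signoff = today
        elif (valid and decision == "revoke") or not is_attested(acc, today):
            acc.enabled = False
            disabled.append(acc)
    return disabled

# Constructed sample: four accounts on one system, reviewed on 3 October 2011.
TODAY = date(2011, 10, 3)
SAMPLE = [
    Account("alice", "payments", "carol", date(2011, 6, 1)),   # signed off 4 months ago
    Account("bob",   "payments", "carol", date(2010, 11, 1)),  # last sign-off 11 months ago
    Account("dave",  "payments", "carol", None),               # never attested
    Account("erin",  "payments", "carol", date(2011, 9, 1)),   # recent, but leader revokes
]
DECISIONS = {
    ("bob",  "payments"): ("mallory", "keep"),   # not bob's team leader: ignored
    ("erin", "payments"): ("carol", "revoke"),
}
```

Running `run_attestation(SAMPLE, DECISIONS, TODAY)` disables bob, dave and erin and leaves alice enabled.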
