You've probably heard of Metcalfe's Law, which states that the value of a network grows as the square of the number of nodes. The reason is simple: the value lies in the number of potential relationships, not the number of nodes, and n nodes can form n(n-1)/2 pairwise relationships, a quantity that grows roughly as n². Digital identity suffers at the hands of Metcalfe's Law, because the difficulty of digital identity problems is proportional to the number of relationships, not the number of participants.
The Internet uses a distributed, packet-switched architecture to manage the complexities arising from Metcalfe's network effects. I can't imagine a centralized architecture that would have scaled to the size of today's Internet. The only solution was to make each node smart enough so that relationships between any two hosts on the Internet could be established without any centralized coordination.
Efforts to create centralized digital identity systems fail to appreciate the lessons of the Internet's distributed architecture:
First, the distributed architecture of the Internet makes it difficult for attackers to break the network by concentrating their efforts in one place: there is no single point whose compromise takes everything down. In contrast, a centralized system presents one high-value target, so the payoff from learning how to scam or break it is very high, making it worthwhile for criminals to invest heavily in discovering a means of compromising it.
Second, distributed systems are less prone to commercial or political abuse. I've discussed the governance problems I faced in creating centralized identity stores. The reason is simple: no one wants their data under someone else's control.
Third, a distributed architecture degrades gracefully, making it less susceptible to catastrophic failure: the compromise of one node taints only the relationships that node participates in. In a centralized system, by contrast, once a key part of the system is compromised, the entire system, along with all of its connected data, is untrustworthy.
Numerous real-world examples show how centralization is more difficult in practice than in theory. For years, enterprise software vendors have claimed strong return-on-investment from integrating customer or supply-chain data. The reality has seldom lived up to the promises. Though enterprise resource planning, customer relationship management, and enterprise application integration have delivered some value, it has seldom been without significant pain and implementation expense. The problems in integration are often ones of identity.
Beyond the IT challenges, centralized digital identity systems run into significant perceptual and user-behavior obstacles. End-users have no desire to do the work of putting all their information in one place. They don't necessarily want yet another username and password combination. Concerns that a single company could monopolize identity data, or that governments could use such a repository to gain access to personal data, inevitably dog centralized identity schemes. The backlashes against Microsoft's HailStorm system, against retailers' trials of wireless RFID tags, and against efforts to incorporate unique IDs into Intel CPUs are cases in point.
Ultimately, the greatest limitation of centralized identity management is that it cannot address the requirements of an increasingly distributed business environment.