Two things have caught my eye recently (both on Dan Farber's blog):
1. Mashery launching: an API management service that offers, among other, things "access control."
2. Intel's Web 2.0 Business Suite: a suite of content management and distribution mechanisms that offers "single sign on" across the various applications.
All of this reminds me of how enterprise identity management (at the application layer) was built out. Identity began as embedded in the application layer, and only after the identity's non-interoperable proliferation did the vendor community respond by *abstracting* identity -- thus, resulting in identity management systems.
Is the web 2.0 world doomed to the same fate? Will web 2.0 companies embed non-interoperable identity in its applications and suites and only after identity's proliferation move to abstract it into its own web 2.0 identity management?
I hope not, but its not looking good (see the examples above).