I'm doing a feature story for InfoWorld (to appear in March) on governing federated identity relationships. The core of the story is that the technology to do federated identity is here, works, and is maturing; technology isn't the biggest problem. The real problem comes down to governance.
Once you start sharing identity information with partner companies and customers, the real gotchas lie in hammering out the relationships between all the parties involved and defining who has what kind of access to what data.
Of course, my book is chock full of my ideas on that. One thing I don't have in the book and would like to get into the article is stories about how companies are managing their federated ID relationships. If you know of a good story, please let me know.