This question often comes up in a product context, such as "We have all these enterprise directories already, they will work just fine for the new era of pervasive identity, right?"

Unfortunately, I don't think the answer is as simple as that, because I don't think there is one single way of storing all the identity data that's needed in the times of pervasive identity, that meets all needs. Compare two simple examples for identity information: my first name, which doesn't change (or at least not very often), and which needs to be retrieved frequently for many applications. Compare it to my location information (obtained through GPS or cell triangulation, for example), which arguably is part of my identity information and useful for many applications, which often changes every few minutes, and which is shared with far fewer parties.

That both data elements can be efficiently managed using the same kind of storage and retrieval infrastructure (directory, database, in-memory, XML, what have you...) sounds fairly impossible to me. For example, directories are usually optimized for read access and fairly slow for write access; putting real-time location information into a directory sounds like a bad idea.

Even the mundane phone number, long a data item in directories and considered largely static, becomes an entirely different animal once we think of it in the context of presence and situation, and all the fancy new multi-modal communications frameworks that are popping up where callers get redirected depending on who they are, and on the to-the-minute status and presence of the person they are trying to reach, never mind which set of phones, PDAs, laptops, and beepers they chose to carry this morning.

[Real-world customer example: when I asked about whether phone numbers are held in the official company directory of this enterprise, they responded: "sure, they are there, but many are out-of-date, and even if they weren't, the directory doesn't matter because we all use cell phones and the directory doesn't know about them and couldn't be updated as frequently as we change phones and providers, because the process to update it invoves HR." Now I'm sure there are companies that do this better, but you get my point...]

And these are just some of the examples. There are many more examples we are coming across on an almost daily basis on just the incredible range of identity-related information that's growing pretty much everywhere. Further, as more and more information is available about indidividuals on-line (both under and outside of their control), much information will also just live wherever it lives on the network (buddy list in Jabber? Employment history in LinkedIn? List of people I've ever e-mailed to from Exchange? Reputation in eBay?), it may well turn out that the majority of identity information about a persona in the future will not be stored in any one place, but dynamically aggregated across the net. Which is of course what Opinity and ClaimID etc. are trying to do, although they are barely scratching the surface of this.