The Verizon data breach report is a just a great read. One of the stats that really stuck out was the 39% figure for intrusions originating from vendors. The slow adoption rates of federation should not be surprising. People look at their own risk levels and project that out onto others. In complex societies trust levels are significantly higher than in small towns where one ostensibly knows each other. To make federation work between suppliers and customers you are going to have to take the time audit each other’s risk management practices and infrastructure. If you don’t have the time or personnel, you have to question if federation is worth it.