Thursday, July 21, 2005

catch-22 on web services for identity management

David Kearns writes:

"the era of the suite was now passing by and that the future lay with modular services within a Web services/service oriented architecture framework from one or more vendors was the wave of the future" http://www.networkworld.com/newsletters/dir/2005/0718id1.html

In the few Web Service applications I've seen written, the programmers have not transcended into a more secure means of doing application-level identification, authentication, and authorization. Some have latched onto SAML, where it's available, but that's not always the case in most corporations. In my industry it seems like they are using Web Service as a mechanism to re-face legacy applications. In those cases, the ID and Password for the legacy application authentication still remain embedded in the web-app. Seems to me like an identity management solution needs to exist for the Web Services and applications before IdM solutions can be built on Web Services.

Furthermore, the UDDI registry isn't holistically deployed. Seems to me like this DNS-like infrastructure would also need to exist. Who's building it? I don't know ... guess I have more reading to do ...
