Having to build adapters to translate (if possible) credentials in different formats is a compromise which is more reasonable than having to wait for all the middlewares of the world to move towards a common security infrastructure.
In the short term... documenting and defining the 2 or 3 security models is real progress. If a service only supports one of these I do not see this as a problem - for all the reasons given. Providing credential translation services to provide 'shims' (or bridges between these islands) as an interim solution makes this work. Its a low risk to individual services - they maintain their current stability - and can migrate over time to support both or the most 'popular' one - let the market decide! Each service can then advertise the mechanisms it supports and clients can locate credential translation services as required.