Ref; RPE section 4.3.1.4 "Different userids and different passwords MAY be used for each embodiment"
We might allow the use of the same username in different embodiments but we ought to mandate the use of different passwords. If anyone snoops on IDA traffic (e.g. through attacking the DNS and impersonating the IDA) and collects operator passwords that can then be used to retrieve data from a service provider, we are putting consumers behavioural data at risk.