| The basis for identity is that the receiving party has to make a decision based on some sort of trust relationship. Everything really winds up being direct, indirect, or brokered, eg. :
- direct: you have a pre-existing account on a website.
- indirect: you have an account with a Company, and I let that company's employees sign in with SAML etc
- brokered: certificate authorities issuing certs based on domain/email/etc validation, and I accept those certs by accepting those authorities We won't see the indirect model get any broader than it already has - nobody is going to accept Sign in with Apple in lieu of a birth certificate. What we _do_ see is the platforms (like iOS and Android) becoming wallets for identities issued by _others_ based on the indirect and brokered models. Adding mobile drivers licenses is upcoming for both mobile platforms. but the reality is that for indirect/brokered, you have an issuer and you have parties who have made a decision to trust the identity. If Apple/Google mandate properties the issuers don't like, the issuers won't use it. If the issuers mandate behavior the verifiers don't like, they won't accept it. And thats the same for any "user-centric" or "self-sovereign" identity system too. If bringing my own DID means that the issuer can't meet their identity verification/authentication mandates, they won't support it. If me using my own wallet means that a retailer is not getting identity assurance or is otherwise taking on additional risk, they won't accept it. And obviously the people who do not like the overall properties will choose not to consume it. What you imply is some nefarious function of big actor desires being baked into standards, I would just call 'understanding market requirements'. |