Imagine you are visiting Hacker News, and for some reason you have to prove your age, but you don't want HN to know who you are, nor your age identity site to know you're going to HN.
One way to do this off the top of my head would be:
HN issues a unique number (say 4096 bit) to you when you create an account
You send that number to your identity provider along with confirming proof of age
The identity provider signs that the number is valid and posts it to a public source
HN downloads a list of 4096 bit numbers posted in the last 5 minutes and confirms the one associated with your account is on the list
HN will know that "Identities-r-us.com" has proven your age, but nothing else
IRU knows you had to age approve a site, but there are many sites downloading the lists, so they don't know which one.
You can do even better than that. IRU could proxy your TLS connection to the identity provider, and you could prove to IRU in zero knowledge that the decrypted transcript verifies that your age is over some threshold, without IRU ever seeing your age, and without the provider having to run a signature service. Then IRU is the one who signs the attestation on your age.
But this way ppl could falsely verify their age by using a shared identity, unless the identity provider saves the identity (and shares it with other such providers)?
The central checker knows you've proven your age, but not where you've proven it.
As someone else points out, you send a message to your ID provider 17 requesting the minimum required fields and an anonymous token provided by HN, the ID Provider returns that (over18=yes, token=1234567....) which is signed, you then send the returned payload to the server you're asking, saying "I used Identity provider", and HN (assuming it trusts your ID provider) can confirm that.
HN knows the IP you're connecting from and the identity provider (say the Australian government).
The Australian government doesn't know where you're connecting to, just that you are trying to prove you are over 18. The unique random number HN provides confirms it's not someone else's token, but it doesn't link to HN.
I assume there's a proper standard which does this
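The signed-token exchange described in the thread (the site issues a random token, the provider signs `over18` plus the token, the site checks it), as an added example that is not code from any commenter or from a real standard. It assumes Ed25519 signatures and a made-up payload format; `Site`, `Attest` and `Attestation` are hypothetical names, and it does not address the shared-identity concern raised above.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
	"time"
)

// Attestation is all the provider returns: the claim, the site's token, a signature.
type Attestation struct{ Token string; Over18 bool; Sig []byte }

// Site is the relying party (HN in the thread); Pending maps token -> issue time.
type Site struct{ Trusted ed25519.PublicKey; Pending map[string]time.Time }

// payload is the exact byte string that gets signed (format is an assumption).
func payload(token string, over18 bool) []byte {
	return []byte(fmt.Sprintf("age-v1|over18=%t|token=%s", over18, token))
}

// Attest is the provider side; it sees the token but not which site issued it.
func Attest(priv ed25519.PrivateKey, token string, over18 bool) Attestation {
	return Attestation{token, over18, ed25519.Sign(priv, payload(token, over18))}
}

// IssueToken hands the user a fresh random token and remembers when it was issued.
func (s *Site) IssueToken(now time.Time) string {
	b := make([]byte, 512) // 4096 bits, the size suggested in the thread
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	t := fmt.Sprintf("%x", b)
	s.Pending[t] = now
	return t
}

// Verify accepts a token once, within 5 minutes, with a valid over-18 signature.
func (s *Site) Verify(a Attestation, now time.Time) bool {
	issued, ok := s.Pending[a.Token]
	delete(s.Pending, a.Token) // burn on first use so a replayed attestation fails
	return ok && now.Sub(issued) <= 5*time.Minute && a.Over18 &&
		ed25519.Verify(s.Trusted, payload(a.Token, a.Over18), a.Sig)
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // constructed demo key pair
	site, now := &Site{pub, map[string]time.Time{}}, time.Now()
	a := Attest(priv, site.IssueToken(now), true)
	fmt.Println(site.Verify(a, now), site.Verify(a, now)) // second call is a replay
}
```

Because the signature covers both the claim and the token, changing `Over18` after signing or reusing an attestation for a different token fails verification.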