The “one identity key management system to rule them all” seems like a problem in search of a solution.
Why does every app have to use the same key management system?
What’s the problem with identity, exactly?
I already own my identity on every app I use. I know the password (or my password manager does).
Take HN for example. There’s no significant difference between HN asking for a password on a form, and asking a browser API for a certificate. Except the latter is more complex and prone to error.
There is also the question of multiple accounts on the same service for compartmentalization purposes. Right now you can do that in most places, although it might require multiple phone numbers and might violate TOS. Obviously, this could either provide privacy benefits or potential for abuse depending on service.
It's not clear whether the "one identity" system is meant to prevent or empower that. Looking at beyondcorp I'd guess it's meant to prevent.
Why does every app have to use the same key management system?
What’s the problem with identity, exactly?
I already own my identity on every app I use. I know the password (or my password manager does).
Take HN for example. There’s no significant difference between HN asking for a password on a form, and asking a browser API for a certificate. Except the latter is more complex and prone to error.