The only viable choice then becomes the organisation that already deals in identity - government departments that issue passports, ID cards and driving licences.
What could possibly go wrong? There's a reason why it's unconstitutional in my country for the state to issue a single ID number to every citizen.
A protocol should let anyone be a CA, and it should be up to each party to choose what CAs it accepts. If some service wants to only allow government-issued IDs, that's fine, but there's no good reason to enforce that at the system level.
In fact, the article you linked puts it well:
But in many cultures, employers and employees would not feel comfortable using government identifiers to log in at work. A government identifier might be used to convey taxation information; it might even be required when a person is first offered employment. But the context of employment is sufficiently autonomous that it warrants its own identity, free from daily observation via a government-run technology. (...) So when it comes to digital identity, it is not only a matter of having identity providers run by different parties (including individuals themselves), but of having identity systems that offer different (and potentially contradictory) features.
Technology like U-Prove addresses exactly that scenario. Using it you could prove to a third party, using a government-issued credential, that you're over 18. You wouldn't disclose anything else. The third party couldn't derive you gov. Id, and the government couldn't prove whom you provided your credential to - even if the two collude.
What could possibly go wrong? There's a reason why it's unconstitutional in my country for the state to issue a single ID number to every citizen.
A protocol should let anyone be a CA, and it should be up to each party to choose what CAs it accepts. If some service wants to only allow government-issued IDs, that's fine, but there's no good reason to enforce that at the system level.
In fact, the article you linked puts it well:
But in many cultures, employers and employees would not feel comfortable using government identifiers to log in at work. A government identifier might be used to convey taxation information; it might even be required when a person is first offered employment. But the context of employment is sufficiently autonomous that it warrants its own identity, free from daily observation via a government-run technology. (...) So when it comes to digital identity, it is not only a matter of having identity providers run by different parties (including individuals themselves), but of having identity systems that offer different (and potentially contradictory) features.