It would likely be very problematic for the security model as it is crucial that you only sign your own requests that you understand what they do. I guess you can technically sign someone else's request made with your identification number today as most service don't use QR codes for presence verification. In general I am also not sure that further expanding, and blurring the line, of what you can do with BankID is a good idea. If anything I would like more limits.
