
There's a balance to strike between convenience and robustness. Even a legal identity can be stolen, and countries have broad authority to regulate national TLDs and could make owning one just as robust as owning property. The core of an OIDC token is "iss" (issuer, e.g. https://accounts.google.com) and "sub" (subject, i.e. unique immutable ID, e.g. 1234567890). Is that really different from a passport, which has at its core a nation ("iss") and number ("sub")? Sure, there's other stuff like names and pictures, but OIDC tokens can have those too.

Having backups is key. The only difference is legal IDs can be backed up without registering the backups with each service ahead of time. Perhaps this could be engineered into OIDC too: a backup field with hashes of other OIDC tokens or something.
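
A sketch of the idea in the comment above, as an added example that is not part of the original comment or of any OIDC specification: a relying party keys accounts on the (iss, sub) pair and honours a hypothetical `backup` claim holding SHA-256 hashes of other (iss, sub) identities. The `backup` claim, `identity_hash`, `AccountStore` and the `https://id.example` issuer are assumptions, and the claims are assumed to come from tokens whose signature, audience and expiry were already verified.

```python
import hashlib
import json


def identity_hash(iss: str, sub: str) -> str:
    """SHA-256 over an unambiguous encoding of the (iss, sub) pair."""
    # JSON array encoding avoids delimiter ambiguity: ("a", "bc") != ("ab", "c").
    canonical = json.dumps([iss, sub], separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


class AccountStore:
    """Relying-party accounts keyed on (iss, sub), never on email or name."""

    def __init__(self):
        self._accounts = {}  # (iss, sub) -> account record

    def login(self, claims: dict) -> dict:
        key = (claims["iss"], claims["sub"])
        account = self._accounts.setdefault(key, {"primary": key, "backups": set()})
        # Hypothetical "backup" claim: hashes of identities allowed to recover.
        account["backups"].update(h for h in claims.get("backup", []) if isinstance(h, str))
        return account

    def recover(self, lost_primary: tuple, claims: dict):
        """Return the account if the presented identity was registered as a backup."""
        account = self._accounts.get(lost_primary)
        if account is None:
            return None
        presented = identity_hash(claims["iss"], claims["sub"])
        return account if presented in account["backups"] else None


# Constructed sample claims (issuer and subject values from the comment's example).
PRIMARY = {
    "iss": "https://accounts.google.com",
    "sub": "1234567890",
    "backup": [identity_hash("https://id.example", "backup-42")],
}
BACKUP = {"iss": "https://id.example", "sub": "backup-42"}
STRANGER = {"iss": "https://id.example", "sub": "backup-43"}

if __name__ == "__main__":
    store = AccountStore()
    store.login(PRIMARY)
    lost = (PRIMARY["iss"], PRIMARY["sub"])
    print("backup identity recovers:", store.recover(lost, BACKUP) is not None)
    print("stranger recovers:", store.recover(lost, STRANGER) is not None)
```

Because `sub` values can be guessable, these hashes bind the backup identities to the account but should not be relied on to keep them secret.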



