This has the potential to eradicate several major avenues of fraud. The more of this is offered (for free) by governments the more it could majorly disrupt (=destroy) the industry around the topic.
Worldwide it seems there is a new, proprietary wallet each month, which naturally totally ruins this idea of having one wallet, but I see what is currently going on as a "storming phase" or almost "norming phase" already, that will eventually reach the "performing phase", with one or two wallets being the survivors. A big stumbling block here is that everyone involved wants a piece of the cake.
The European Union is actively (but slowly) working on this, e.g. with eIDAS. With eIDAS, you create a digital identity in your home country. If that home country DI offering supports eIDAS, you can use it to login to any other government AND private service implementing any DI offering that supports eIDAS.
> whether identity providers / VC providers are going to be 5 big firms
The big firms will provide the ecosystem (e.g. Microsoft Entra, mastercard-id-for-rp, ...), the real identity verification will happen through offerings like Onfido, Jumio and the 1000 other offerings in the space.
For example:
- date of birth: issued by your government and equivalent to your birth certificate.
- Occuppational credentials: issued by the relevant, government-authorized organization, like Engineers Australia or whatever.
- Driver's License: issued by the traffic authority in your country/state.
- Proof of Vaccination: this is interesting, as COVID showed... in my country, it was private organizations issuing that, but they had to be approve by the Government.
The only credentials the big social media companies can issue for you just prove you have a certain handle with them, I guess... which could be used for a more secure "Sign in with Google/Apple/GitHub" for example. But nearly all interesting credentials would be issued by real-world authorities, IMHO.
But yes indeed, private companies do not have much valuable credentials to offer. There just aren't that many categories of personal data you'd ever want to have in a wallet.
Now they might not be running their own infrastructure, but they still have to be the one who authorized the credential to be minted. A faux digital National ID card issued from a random social network will likely not let you get access to government services or let you open a bank account, even if the data itself is all correct.
It is more likely that you'll have "trust frameworks" describing technical and logistical interoperability, and verifiers will accept any issuer that falls under that umbrella. In the US with driving licenses and state identification cards for example, that would likely be AAMVA.
