The technical challenges are vast, is the long and short of it. But it’s high time there’s a good discussion over how it should (or might) work, at least the kinds of properties such a system should have.
Self hosting of federated credentials should be possible, but not required
’Backwards tracking’ of federated credentials should only be possible with limited requests (e.g. ‘verify author of post’) and approval of the credential owner
All data on the credentials instance should be properly encrypted
All data on credentials instance should be fully and easily portable to other instances via common protocols
There are several issues involved here, beyond just ‘mere’ technology, that need addressing. Personally I think a good start might be to engage with public libraries here. They already keep simple identity records (library cards) and have public service purpose well-aligned with the concepts of the federation and public distribution of information and knowledge.