The german gov ids actually have a way to issue pseudonymous tokens where websites can only see that you are the same person as last time.
You can't make 2 accounts on the same site if sich things are unwanted.
You can't link accounts across providers.
How it works under the hood?
No specific idea. I wonder if its sound.
How does the government know which token a ID card generated? The ID card itself generates (for each service a different one) and encrypts it. Not even the card reader can read it. It is a encrypted channel between the card and the ID-server for the site/service. The pseudonym function does not identify a person but a card.
The government doesn't know which card a token from a "pseudonym function" belongs to. The government can identify a person when the ID function was used, of course.
Again, it is a random token the card generates internally for each service. It is non transferable! If you get a new ID card, you can't use it login to whatever you used your old card for. (You would need something else... say an email :-) to tie the knot back to the old identity or whatever.) Which makes this function, the pseudonym function, very bad for random accounts (Edit: meaning longer lasting online identities like forums or whatever). I guess eaglemfo didn't knew.
It's more for like "yes, yes, I'm an adult, now give me this pr0n movie which I pay for with my anonym prepaid card" kind of deals.
I read this as tongue-in-cheek at first (since most web sites do their darnedest to track their users, and having a log-on kind of requires this anyway).
A centralized authentication system like this wouldn't need to be a single consistent UUID per person which was then passed around. Presumably you'd have a central login to authenticate you to the system, and then the system could create separate 'id' tokens per web site or whatever that the user logs in to.
Oh man, that sounds like a terrible idea privacy wise. Every website would make use of it to track it's user.