
In some ways, wouldn't it be great if the internet had evolved with, analogously to DNS, 'User Name Servers', like a sort of global distributed IAM?

Leak monitoring would be a service provided by the UNS, not falling to a volunteer, and credential revocation could be automatic and immediate.

I suppose we sort of have that bolted on with OpenID/OAuth, but that's still 'choose a provider' rather than 'this is the one way', with many servers run by different entities, but one 'system'.



It's existed since 1988: LDAP/X.500 [1]. It's just not used globally, for three reasons as far as I can tell:

1) most people don't want their information public and searchable to that extent

2) most orgs _want_ to silo you in or otherwise control your account

3) the org using X.500 still needs to have its own permissions separate from the central directory, which is the harder part of auth[nz], so just rolling your own authn is often easier.

[1] https://en.wikipedia.org/wiki/X.500


Ah yes, and Shibboleth is another I should've thought of in my earlier comment.

I think you're absolutely right in particular with #2.

But if it had come originally, alongside DNS, 'everything has an address, everyone has an identity', it might've been an unquestionable fact of the internet.

Orgs can't silo you into their alternate net where they have a more desirable domain name, because it's just not practical or user friendly.

I just think it might have been so for user identity.


There is a recent RFC which applies the DNS to security checks for passwords, credit cards, etc. https://tools.ietf.org/html/rfc8567


At first glance it seems worth reading properly tomorrow. Except, '1 April'; is it a gag RFC? (In a way, I suppose, it doesn't matter; those tend to be as worthwhile!)


The critical flaw (for users) of OAuth is that there is no portability between providers. Unlike a domain name, you can't move your login ID to a different provider.



