Why is the federal government's involvement necessary? We have a (mostly) workable PKI system for SSL certificates. Why does a consumer-focused PKI require government coordination?
I think the lack of a widely deployed PKI for authenticating consumer's identities is an indicator that a novel approach is required, but what can the federal government do that an independent (perhaps multi-national) organization could not?
You've gotten to the real issues here. If the problem is lack of industry consensus (i.e. N standards instead of one), maybe the government can bully the industry into picking one.
We are "very early" in the sense that we're in the same place as 1996: usernames, passwords, credit card numbers, and SSL. (Or maybe we're worse off, since we didn't have much phishing in 1996.) What is it going to take to get some progress here?
It's not the government's job to pick winners and losers. Think about the words you selected: bully and progress. Together those don't sound very democratic to me. It's ends justifying the means thinking that gets well-intentioned people into trouble. Progress is people wising up about security, not forcing them to use certain technologies.
I think the lack of a widely deployed PKI for authenticating consumer's identities is an indicator that a novel approach is required, but what can the federal government do that an independent (perhaps multi-national) organization could not?