Indeed. But a federated database is fine, too; this is how Visa and MasterCard work.
Imagine having a bunch of ID cards in you wallet, like you already have (driver's license, library card, office access card, store loyalty card) that all have interoperable smartcard interface, and a QR code of their built-in public key.
They would be much like contactless bank cards you also keep in your wallet.
Banks and phone network operators are uniquely positioned to sell a validation service for such cards, being highly connected and already having data about their existing customers, which would be an easy initial audience pool.
Otherwise there's no protection against impersonation if IDs aren't mandatory.