And specifically Sam goto (Google, fedcm) and Dick Hardt (hello, oauth2 spec writer).

This was originally thought up a couple (5-6) years ago along side fedcm and privacy sandbox, but before SD-jwt was full baked, so it wasn't as clean. The use of SD-jwt is much better for privacy.