The more I thought about the idea, the more I realized that I would translate P2P as Persona-to-Persona. And what a challenge this will be for Identity Providers (IdPs) and Service Providers (SPs). I'd say this is the consumer aspect of the Identity Manifesto.
We have the tools to allow fine-grained authorization -- OAuth 2.0. Now it's up to both parties to implement solutions that deliver that granularity to the user.
An Identity Provider (IdP) has all sorts of attributes about me on file. Hundreds of them. When we are on our mobile device, our wireless provider even knows exactly where we are. Identity Providers are promoting these technologies to the Service Providers (SPs) -- the companies that provide consumer applications -- by promising access to attribute information. The IdPs have little incentive to be an advocate for the consumer. The SPs have only a minor incentive to minimize their request for information (that being the fear that some people won't sign up for their system if they realize they have to give away their information). At the moment, consumers have very little leverage. That needs to change.
We all have different personas: worker, family member, citizen, etc. I don't want all the information about me shared across the worlds I live in. Yes, the UPS application can know my home address. No, I don't want the Facebook app to know it.
It's up to both the Identity Provider, to provide an API, and the Application Developer at a Service Provider, to use it in a way that gives me fine-grained access control, so that I allow access only to the subset of attributes that make sense for me to share. No longer can we consumers tolerate the current state where I have to give an application permission for everything in order to use it.
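A sketch of what per-application attribute release could look like on the IdP side, added here as an illustration and not taken from any IdP's actual API. The scope names are loosely modelled on OpenID Connect scopes; the `location` scope, the client ids, the attribute names and all sample values are constructed assumptions.

```python
# Added illustration: scope names, client ids and attribute values are constructed.
# Scope -> attributes it unlocks (hypothetical mapping held by the IdP).
SCOPE_CLAIMS = {
    "profile": {"name"},
    "email": {"email"},
    "address": {"home_address"},
    "location": {"current_location"},
}

# Everything the IdP holds about one user (constructed sample data).
USER_ATTRIBUTES = {
    "name": "Pat Example",
    "email": "pat@example.org",
    "home_address": "1 Sample Street",
    "current_location": "40.0,-75.0",
    "employer": "Example Corp",
}


class ConsentStore:
    """Per-user record of which scopes each client (SP application) holds."""

    def __init__(self):
        self._grants = {}  # client_id -> set of granted scopes

    def grant(self, client_id, requested, approved):
        # The user may approve any subset of what the app asked for.
        # Scopes that were never requested, or are unknown, are dropped.
        allowed = set(requested) & set(approved) & set(SCOPE_CLAIMS)
        self._grants[client_id] = allowed
        return allowed

    def revoke(self, client_id, scope):
        # Withdraw one scope without touching the client's other grants.
        self._grants.get(client_id, set()).discard(scope)

    def granted(self, client_id):
        return set(self._grants.get(client_id, set()))


def release_attributes(store, client_id, attributes):
    """Return only the attributes covered by scopes granted to this client."""
    allowed = set()
    for scope in store.granted(client_id):
        allowed |= SCOPE_CLAIMS[scope]
    # Attributes with no scope at all (e.g. "employer") are never released.
    return {k: v for k, v in attributes.items() if k in allowed}
```

The point of the design is that an application asking for every scope still works when the user approves only some of them, and a client with no recorded consent receives nothing.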