Nice to see progress on PoP!
A few first questions and comments:
Many PoP mechanisms are only valid for a certain time and need to be refreshed regularly (Encointer, IDENA and others). How would the people pallet respect such a time-to-live?
The people-pallet seems to assume binary PoP confidence of 0% or 100%. I think this is a design flaw, as I argued here. tl;dr: In order to decide on a PoP with binary confidence, a threshold must be applied by the DIM. Different contexts require different confidence levels. This information will be lost with the requirement for binary confidence. Any threshold will render the entire system either too insecure or too exclusive for any given context.
About privacy: First off, I really like to see that privacy is a first thought in this new polkadot-sdk pallet. Even when assuming the cryptographic design to be perfect, the problem remains that people will use their contextual-pseudonymity onchain, where behavioral patterns will stay engraved forever, eventually linking people across contexts. This is not a critique of this pallet’s design. I just want to emphasize that we should do as many tasks off-chain as possible.
To be fair, the bigger privacy risk will probably lie with the PoP attestation in the first place, which is out of scope here.