The problem is how do you hide what website you’re going to from the identity provider?

Not only don’t you need to, you would really have to know the generator of the token because it needs to verify that you are the user that was issued the token.

You upload identity to a site and it gives you a date stamped token which confirms your age.

Then when that token is uploaded to an SM site, it verfies the identity of the giver with the site that gives the token. The identity is a hash generated by the token site and contained in both the token and a namespace at the token site, so only the token site knows the real identity. Once the token has been confirmed, the namespace is re-used.

So you can’t really sell the token, because its linked back to the identity you uploaded to the token site. You need to be logged in to the token site.