Re: PKIs and trust


 



Stephen Kent;

I've authored several papers that capture what I see as the essence of your characterizations, in a simple form. The central notion is that most of these relationships are NOT about trust, but rather about authority. If one views them in this fashion, then it becomes apparent that the entities that are authoritative for identification and authorization assertions should be CAs, and we, as individuals with many distinct identities, should expect to hold many certs, each corresponding to one identity.

The problem for such a PKI is that, if we have certs based on existing trust (e.g. I trust that some organization has the authority to issue passports) relationships, we can exchange a shared secret using those relationships, so that we don't need any public keys.

This is what happens in the physical world with most physical credentials: passports, frequent traveller cards, etc.

Our trust relationships in these cases are so strong that we can be delivered not only PINs (shared secret) but also physical credentials.

Then, who needs public key cryptography?

Thus, many expect that, once a PKI is formed, it can create any trust relationship for anything.

We know a PKI does not.

The next question is, are one, two or millions of PKIs worth having?

I don't think they are.

Masataka Ohta



