Ok I understand - user would still be required to authenticate to both service A and B for ICRC-35 to authorize the handshake.
This sounds to me like more of an inter-dapp data sharing standard, no? Auth to A, A wants data from B, auth to B, and approve the sharing.