Hi, to begin with, I am a big believer in making it easier for ICP users to sign in with their authentication method of choice. That might be Internet Identity, MetaMask SIWE, Phantom SIWS, Xverse SIWB... or any other authentication method: Google, X, Okta, whatever.
It all depends on the context and the application, which authentication method is the appropriate one within the current context.
One thing I am advocating for internally is that ICP should offer an abstraction layer on top of Internet Identity to make it easier for app developers to use more than one authentication method in an app.
Also excited to see community initiatives around this.
The path you describe comes with some risks, though.
- Principal derive from dapp can share between apps,
eg: user connect bitcoin wallet on kongswap can use the same principal in odin fun
Allowing the user to use the same principal for many apps is a MAJOR security risk. In the scenario you describe, Odin.fun could essentially do swaps on KongSwap for the user without their consent. And vice versa, KongSwap could launch some memecoins on Odin.fun without your approval. And this might be fine (it really never is) if you trust the parties involved 100%. But one day you log in to some other, less trustworthy service using the same principal, and a minute later both your KongSwap and Odin.fun accounts are empty.
On Ethereum, users log in to different services using the same address. And that is fine, because there is no shared delegated identity between those services. The JWT token you get from logging in to service A cannot be used to access service B. And any onchain interaction requires you to approve with your wallet.
So, for comparison, the ICP delegate identity is like the JWT token for a web2 service. And, for the same security reasons, you need a unique JWT token / delegate identity for each service.
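
Added example, not part of the original post and not code from Internet Identity or any of the apps named: a toy Python model of the argument above, comparing one principal shared across apps with a principal derived per app. The HMAC derivation, the `Canister` class, the `untrusted-app` name and the secret are assumptions made for illustration; the canister is simplified to authorize on the caller principal alone.

```python
import hashlib
import hmac


def derive_principal(user_secret: bytes, scope: str) -> str:
    """Toy derivation of one principal per (user, scope).

    Assumption for illustration only; not Internet Identity's real algorithm.
    """
    return hmac.new(user_secret, scope.encode(), hashlib.sha256).hexdigest()[:16]


def login(user_secret: bytes, app: str, shared: bool) -> str:
    """Principal that the session delegation handed to `app` can act as."""
    scope = "global" if shared else app
    return derive_principal(user_secret, scope)


class Canister:
    """Simplified backend: it sees the caller principal, not which frontend called."""

    def __init__(self) -> None:
        self.balances: dict[str, int] = {}

    def deposit(self, principal: str, amount: int) -> None:
        self.balances[principal] = self.balances.get(principal, 0) + amount

    def withdraw_all(self, caller: str) -> int:
        # Authorization is "caller owns this balance"; no per-action wallet prompt.
        return self.balances.pop(caller, 0)


def simulate(shared: bool) -> int:
    """Return how much a third app can withdraw from the user's KongSwap balance."""
    secret = b"constructed-user-secret"  # constructed sample value
    kongswap = Canister()
    kongswap.deposit(login(secret, "kongswap", shared), 100)

    # The user later signs in to an unrelated app, which now holds a delegation.
    third_app_principal = login(secret, "untrusted-app", shared)

    # That app uses its delegation to call the KongSwap canister directly.
    return kongswap.withdraw_all(third_app_principal)


if __name__ == "__main__":
    print("shared principal, third app withdraws:", simulate(shared=True))
    print("per-app principal, third app withdraws:", simulate(shared=False))
```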