The idea of a badge issued by a trusted agent is also a good one. However, what credibility does an issuer have if there is no consequence to not policing their badge holders? How do you avoid recreating the "certificate authority" debacle around ssl centralization?