I agree, I think a third party attribution service makes a lot of sense, similar to how https has trusted CAs there could be different trusted attributors that can verify that a user has some account with some kind of verification, and these pluggable attributors could then be trusted by sites. You'd still need to integrate with a trusted authenticator, which some people might find objectionable, but it's probably better than the current proposal in that regard.
This of course only covers half of the use cases discussed (the half about preventing bots, not to say anything about the more DRM-ey aspects).