
I always liked the idea of OpenID, but you're right, it was far too complex for the average person. I was enthusiastic about it, but never got around to using it because it wasn't simple enough.

I think the kind of approach used here is a bit better than OpenID in terms of separating authentication and identity. You have a permanent account on the service for authentication and the identity (your domain) is more of a pointer / shortcut. That strikes a good balance in terms of letting the service provider dictate authentication policies without usurping your identity people recognize.

Unfortunately I don't think any of the big tech companies would get onboard with an idea like this. They're all racing / competing to control identity right now. Although I've always thought the idea would fit well with Twitter.



I was more talking about the "domains as identity" part that preceded OpenID than OpenID itself. OpenID was if anything much worse in that respect, partly because it tried to solve the authentication problem, not just the "central place to look up information about a user" problem.

I don't think having users maintain this domain bit will work very well unless it's integrated with a service provider you're already using, so you'll depend on users relying on decentralised providers already for it to work.

But note that OpenID also allows this. While I used OpenID directly on my own site for a short while, for most of the time that I used OpenID I just added a record to my site that pointed to a third party provider.

The same ability to point somewhere else also exists just fine today with WebFinger, and the Fediverse. E.g. my galaxybound.com/.well-known/webfinger endpoint [1] redirects to m.galaxybound.com, which is my Mastodon install. I could've also put in place a custom webfinger response at my main domain to point somewhere entirely different or add additional resources if I wanted. Similarly, there's nothing stopping e.g. registrars from offering custom webfinger resolution as an extra service.

Personally I'd much prefer that wins, since webfinger provides a single lookup mechanism that can return any number of different types of records for different services without each of them having to invent their own mechanism. This includes using it to discover the OpenID Connect provider for a given user (request /.well-known/webfinger with the "rel" url parameter set to url encoded "http://openid.net/specs/connect/1.0/issuer", and "resource" set to the relevant account URI; setting the "rel" parameter is optional - including it is just a hint that that's the only setting you need/want), so you can use it both to indicate authentication preference and to provide arbitrary pointers about your identity.

[1] https://m.galaxybound.com/.well-known/webfinger?resource=vid...
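As an added example (not the commenter's code), here is a small client-side helper for the OpenID Connect discovery flow described above: it builds the WebFinger query URL with the optional "rel" hint and parses a constructed JRD response, checking that the subject matches the requested account and that the issuer is served over https. The account, hosts and JRD document are made up.

```python
import json
from urllib.parse import urlencode, urlparse

# rel value OpenID Connect Discovery uses to point at a user's issuer
OIDC_ISSUER_REL = "http://openid.net/specs/connect/1.0/issuer"


def webfinger_url(host, resource, rel=None):
    """Build the WebFinger query URL; "rel" is only a hint and may be omitted."""
    params = [("resource", resource)]
    if rel is not None:
        params.append(("rel", rel))
    return f"https://{host}/.well-known/webfinger?" + urlencode(params)


def find_link(jrd_text, rel):
    """Return the href of the first link in a JRD document with the given rel."""
    jrd = json.loads(jrd_text)
    for link in jrd.get("links", []):
        if link.get("rel") == rel:
            return link.get("href")
    return None


def resolve_oidc_issuer(resource, jrd_text):
    """Extract the OIDC issuer, refusing a JRD that is not about the requested
    account or that points at a non-https issuer."""
    jrd = json.loads(jrd_text)
    if jrd.get("subject") != resource and resource not in jrd.get("aliases", []):
        raise ValueError("JRD subject does not match the requested resource")
    href = find_link(jrd_text, OIDC_ISSUER_REL)
    if href is not None and urlparse(href).scheme != "https":
        raise ValueError("issuer must be an https URL")
    return href


# Constructed JRD: a Fediverse "self" link next to an OIDC issuer link,
# which is what a domain owner could publish to point both at other services.
SAMPLE_JRD = json.dumps({
    "subject": "acct:alice@example.com",
    "aliases": ["https://social.example.com/@alice"],
    "links": [
        {"rel": "self", "type": "application/activity+json",
         "href": "https://social.example.com/users/alice"},
        {"rel": OIDC_ISSUER_REL, "href": "https://login.example.com"},
    ],
})

if __name__ == "__main__":
    print(webfinger_url("example.com", "acct:alice@example.com", OIDC_ISSUER_REL))
    print(resolve_oidc_issuer("acct:alice@example.com", SAMPLE_JRD))
```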



