Comment by TekMol

I only skimmed the article, but the proposed solution seems to be that the authority (the "issuer") sends data to a device the user owns but has no control over. Like an Android or iOS phone.

The data is of such form that the phone then can pass challenges of type "are you of at least x years old" without giving out any other information.

And the user cannot share that data with other users because their phone will not let them.