The best question is who do you authorize to assemble parts of your identity?
Discussion
A few big (anti-spam) paid relays + a private one as a backup?
Or an individual identity request encrypted to one of your public keys. Once you authorize, the system builds a unique list of keys to be sent to the requester in such a way that if the requester leaks the list, you know which requester leaked.