It is fair to say that the public perception of identity data breaches has become somewhat normalized due to the frequency of media coverage.
However, the financial consequences, not to mention strict regulatory focus, will only intensify over the short-to-medium term.
Wider adoption of peer-to-peer trust models will take time, but they are a potential part of the solution. At a higher level, a hybrid solution is just as likely to emerge that may, or may not, be underpinned by a decentralized identity model.
There are a great many barriers to overcome.
Most proposed solutions are likely to avoid the exchange of any identity data as much as possible. The assurance of someone's identity will come from the identifying body. Assurance providers will still have to hold the identity data though, so this does not remove the need for secure data practices, during identity registration for example.
Many sectors have been looking at this problem and all of them want to be the key custodian. Who is the correct key custodian? Local Government? Defence? Retail? Utilities? Not an easy question to answer but all have a vested interest in this domain.
You mention the analogy of tokenization, but it is wrong to say that it is hard to imagine this theory being applied to the identity problem. Someone still has to hold the data, but requests for identity assurance may be reduced to binary answers rather than exchanging the identity information. At least that will reduce the attack surface, as fewer people will hold the data. Technologies based on SAML take a similar approach.
With so many stakeholders, it will prove impossible for all to agree on an individual provider/system. It is extremely difficult to achieve universal standards adoption worldwide. Consider the example of PKI environments: how many certifying authorities are there? Quite a lot. Not to mention that many organisations act as their own assurance provider for closed systems.
The internet is now predicated on data, linked to identity, being an asset. It seems ludicrous to think this will now somehow be abandoned when there is an entire global economy based online.
The realistic goal in the short term is to reduce the need for identity data to be exchanged as much as possible. The people that do hold it should have strong fundamental security practices.
The long term may provide more radical solutions, but it is unlikely to happen overnight.