> Financial losses are not the only type possible. Loss of reputation or un-reparable disclosure of personal data (e.g. some medical condition) are very difficult to measure in financial terms and possibly way more harmful.

Are you referring to loss of reputation or disclosure of personal data due to an imposter obtaining personal information about you by masquerading as you online? If so, then even if you can't necessarily measure the damage financially, you could still establish some sort of penalty for the people who failed to check your identity properly (in those cases in which there isn't one currently, as most places should have one in place for improperly disclosing medical information).

> The secure enrollment of a person is probably the most costly [1] of all, the issuance and maintenance of a secure token (e.g., a smart card) is very costly too.

I would have thought that re-using existing systems of secure enrollment (like your example below) should be possible today. Here in Germany, for example, you can open an account at a bank without appearing in person by having a post office confirm your identity to the bank. And a mobile phone can replace a secure token (like the "MTANs" used by banks) in situations in which five to ten cents is an acceptable price for a secure transaction. Provided, of course, that you can easily block the phone (as in prevent SMSes from reaching it!) if it is lost or stolen.