"Windows and Mac OS are in the process of being able to isolate and identify applications
similar to mobile operating systems. Until such mechanisms become available, we
can provide best-effort app identification (but obviously with much lower reliability)."
This is my belief as well. A token API doesn't get you far (enough), you need an architecture to back it with.
The only snag here is that there is little if any consensus on how the Architecture, Keys and Relying parties
are supposed to interact. Since the other guys appear to be pretty clueless, they will probably take on
Google's architecture ideas. Or not.