How will you address the well known (by specialists) major flaw of biometrics ? Our iris, fingerprint, voice, heartbeat are all non revocable. We need to be sure about mathematical security treatments of the biometric data. IMHO, you will again need to combine biometrics with an additional separate revocable authentication !

How can we be sure that institutions and companies will properly use cryptographic salts or equivalent procedures ?