
Maybe we don't want them to be able to do any of that

And I think you are missing the point: the goal isn't to standardize logins, it's to make it impossible for servers to know my password, and hence to make password leaks impossible.

That would allow people to reuse strong passwords and not need password managers, because that's what they are doing anyway!
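An added example, not code from the thread, sketching the scheme the comment above proposes: the user remembers one strong master password, the client derives an unrelated password per site, and each site only ever receives and stores a salted hash of its own derived value. Site names, the master password, and the PBKDF2 work factors are this example's own assumptions.

```python
import base64
import hashlib
import hmac
import secrets

# Added example (not from the thread): per-site password derivation on the client,
# conventional salted hashing on the server. Work factors are demo assumptions;
# production settings should follow current OWASP guidance.
CLIENT_ITERATIONS = 100_000
SERVER_ITERATIONS = 100_000


def site_password(master: str, site: str, length: int = 24) -> str:
    """Client side: derive a per-site password from the master password.

    The normalized site name is the salt, so the result is deterministic for a
    given (master, site) pair and unrelated across sites. The master password
    itself never leaves the client; only the derived value is sent to the site.
    """
    salt = site.strip().lower().encode()
    dk = hashlib.pbkdf2_hmac("sha256", master.encode(), salt, CLIENT_ITERATIONS, dklen=32)
    return base64.urlsafe_b64encode(dk).decode().rstrip("=")[:length]


class SiteAccounts:
    """Server side for one site: stores only a randomly salted hash of what it received."""

    def __init__(self) -> None:
        self._records: dict[str, tuple[bytes, bytes]] = {}

    def register(self, user: str, password: str) -> None:
        salt = secrets.token_bytes(16)
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, SERVER_ITERATIONS)
        self._records[user] = (salt, digest)

    def verify(self, user: str, password: str) -> bool:
        if user not in self._records:
            return False
        salt, digest = self._records[user]
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, SERVER_ITERATIONS)
        return hmac.compare_digest(candidate, digest)


def demo() -> dict[str, bool]:
    """Register one user at two constructed sites, then simulate a breach of the first."""
    master = "correct horse battery staple"  # constructed example master password
    shop, bank = SiteAccounts(), SiteAccounts()
    shop.register("alice", site_password(master, "shop.example"))
    bank.register("alice", site_password(master, "bank.example"))

    # Suppose shop.example is breached and the attacker eventually recovers Alice's
    # shop password (e.g. by cracking the leaked hash offline). Replaying it at the
    # bank fails, because the bank only ever saw a different derived password.
    recovered_shop_pw = site_password(master, "shop.example")  # what a successful crack yields
    return {
        "shop_login_ok": shop.verify("alice", recovered_shop_pw),
        "bank_accepts_shop_pw": bank.verify("alice", recovered_shop_pw),
        "derivations_differ": site_password(master, "shop.example") != site_password(master, "bank.example"),
        "derivation_stable": site_password(master, " Shop.Example ") == site_password(master, "shop.example"),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

Two caveats a practitioner would want stated: the site still receives the derived password in the clear (inside TLS), so this is an approximation of "the server never knows my password" rather than the real thing, which needs a PAKE or public-key login; and because derivation is deterministic, changing the master password means re-registering at every site.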

> Maybe we don't want them to be able to do any of that

"We" who? Application owners want that, browser vendors want that (their greatest fear is that mobile will eat the web, so they don't want to make the platform less flexible)... and users generally don't mind.

> impossible for servers to know my password, hence impossible passwords leaks

That would require deeper architectural changes to HTTP auth, but is probably a reasonable goal. That said, it's more readily approximated with unique passwords + having a good password manager. The main risk of password leaks is not that they make that particular breach worse (since the attackers can just grab your data), but that passwords are reused too often.

Federated login is another approximation, where the password is only known to your identity provider, not to every identity consumer. It's modestly successful for some lower-value services.

We = users *