I just replied to this other thread, but is has info related to this topic too: Adventures in Rust, Node.js and Safe - #14 by bochaco
I may be repeating some of what @joshuef said already, but putting this simple is to think that you can use Safe without authd and without the Wallet container stored on the network. Every request/message you send to the network has a signature the network verifies and if it’s valid the operation is executed. How the application generated the signature doesn’t matter to Safe, the app can hold the keypair locally, grab it from a remote service, perhaps it doesn’t even have access to the secret key as it uses a hardware wallet to generate the signatures, all the network cares is about the signature to be valid.
The authd is just another app to help users to administer these keypairs, it assigns a different keypair to each app the user has authorised to with the allow commands and API.
The triplet (vendor , name, id) you mention is again something only the authd cares about, to map each keypair to each app the user has authorised in the past and so to give the same keypair each time the app requests it.
Yes kinda, it just needs to expose the service on a JSON-RPC over QUIC endpoint as the authd does, in this way the authd-client API can talk to it.