If the embedded and the containing objects have owners with different origins, the authenticity of the embedded object MUST be verified independently either by fetching it from the server of origin, or by verifying its FEP-8b32 integrity proof.
Couldn’t the consumer optionally interpret as if the object were anonymous, instead? To give an extreme example, producers could assign an id to an endpoints object, but I think most consumers would simply ignore the id and assume that the embedded representation is authentic.
I think that explains what Misskey is doing for embedded Emoji objects: