Permission is a three-way proposition:  there's the thing itself, the thing's owner, and there are others to whom the owner wants to give permission to use the thing.  Before Itsme, an owner gave other people permission to use his things by giving them keys, an id, pass, ticket, reservation, etc.  Having to physically pass keys etc. could be very inconvenient, especially if the permission-giver and permission-receiver were far apart.

After Itsme, the owner gives other people permission by putting their Itsme-names into his endorsement table in his Itsme-website.  Endorsement tables are extremely secure, so permissions are equally secure.  Endorsement tables are readily accessible to their owners, so permissions can be easily and flexibly setup and changed.  The moment the endorsement table is changed any permission-receiver has immediate access, without any the need to pass anything between permission-giver and -receiver.  This is very convenient for both, especially if the permission-giver and -receiver are far apart.

When someone uses their Itsme-mobile to identify themselves at one of the owner's Itsme-things, it asks up the network to the owner's Itsme-website if they have permission.  The Itsme-website checks its endorsement table, and replies accordingly.

The idea of not needing to pass physical keys/ids around may not seem impressive to you or me; we only have a dozen or so keys in our lives.  But put yourself in the position of the manager of a large mall, airport, vehicle fleet, or hotel, with a thousand employees and customers, needing routine and exceptional access to a thousand different places and things every business day.   What for us is a convenience is for him a huge cost/time saver.