The notification pattern is a matter of the application; this is not my main concern (plus, there are better ways for applications to get trusted notifications than require them signed). From the platform point of view, everything is dynamic, so it makes sense to react quickly.
For instance, the HTTP signatures as used with ActivityPub are valid for around 30 seconds (from what I learnt from Mastodon), after which no verification is made (so the key can be dropped). The PoP tokens used by Solid are also issued for a limited time window, in order to limit the amount of server-side caching of already issued tokens.
The pseudonym identity is not interesting, because at one point all the members of your social graph need to agree on who you are. Having different separate identities with only one other identity in each social graph is not great, to say the least ^^