using the identity url to contain a key fingerprint

Martin Atkins mart at degeneration.co.uk
Wed May 25 10:01:04 PDT 2005


Jean-Luc Delatre wrote:

> Even if this introduces yet more constraints on the protocol, namely the 
> ability to forward private keys from client machines to authentication 
> servers, it would be nice to have full interoperability between such a 
> system and existing OpenID.

Unless I've missed something vital, there's not really any reason why 
-- assuming the invention of a key-based login system -- there couldn't 
be an OpenID identity server which identifies users by a public key 
rather than a session Cookie. This would provide one-way 
interoperability, allowing users of FancyNewPKSystem to use all of the 
existing OpenID Consumers.

If you can think of a way to make the PK auth work without modifying the 
client then please go ahead and start a project for it! I certainly 
can't think of one, which is why I'm putting myself behind OpenID for 
the time being despite it being just an interim solution.
