>I would not call it crazy, it looks interesting. But how could you >formalize the method, so that other applications could use the same >method. I'm not sure I'd want to formalize this particular scheme. What I would want is vendors to provide a mechanism we can use to build a credential storage system that provides the same semantics. --Ken