This is an idea I have been mulling over a bit.
A receptionist (an object), that is reachable via a sturdyref, receives a sequence of authorization certificates.
A certificate is a tuple of issuer, instructions and signature of those two by the issuer. An issuer in the above is simply a public key (or fingerprint of the key to identify it). The private key counterpart of that key is used to sign the certificate.
The receptionist has a mapping of issuers to avatar objects.
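
One way to sketch the receptionist described above, as an added example that is not part of the original post. It assumes Ed25519 signatures via Node's built-in `crypto` module, a SHA-256 key fingerprint as the issuer, instructions as plain strings, and hypothetical names throughout (`Receptionist`, `register`, `receive`, `perform`, `issueCertificate`); rejecting the whole sequence when one certificate fails is also an assumption.

```javascript
// Added illustration, not code from the original post.
const nodeCrypto = require('crypto');

// Assumptions: Ed25519 keys; issuer = SHA-256 fingerprint of the public key (SPKI DER).
function fingerprint(publicKey) {
  const der = publicKey.export({ type: 'spki', format: 'der' });
  return nodeCrypto.createHash('sha256').update(der).digest('hex');
}

// The signature covers issuer and instructions; a JSON array keeps the field boundary unambiguous.
function signedBytes(issuer, instructions) {
  return Buffer.from(JSON.stringify([issuer, instructions]), 'utf8');
}

function issueCertificate(keyPair, instructions) {
  const issuer = fingerprint(keyPair.publicKey);
  const sig = nodeCrypto.sign(null, signedBytes(issuer, instructions), keyPair.privateKey);
  return { issuer, instructions, signature: sig.toString('base64') };
}

class Receptionist {
  constructor() { this.avatars = new Map(); } // issuer fingerprint -> { publicKey, avatar }
  register(publicKey, avatar) { this.avatars.set(fingerprint(publicKey), { publicKey, avatar }); }
  // Assumption: the whole sequence is verified before any avatar acts on it.
  receive(certificates) {
    const verified = certificates.map((cert) => {
      const entry = this.avatars.get(cert.issuer);
      if (!entry) throw new Error('unknown issuer');
      const ok = nodeCrypto.verify(null, signedBytes(cert.issuer, cert.instructions),
        entry.publicKey, Buffer.from(cert.signature, 'base64'));
      if (!ok) throw new Error('bad signature');
      return { avatar: entry.avatar, instructions: cert.instructions };
    });
    return verified.map((v) => v.avatar.perform(v.instructions));
  }
}

// Constructed sample run: one registered issuer, one unregistered key.
function demo() {
  const known = nodeCrypto.generateKeyPairSync('ed25519');
  const stranger = nodeCrypto.generateKeyPairSync('ed25519');
  const receptionist = new Receptionist();
  receptionist.register(known.publicKey, { perform: (i) => `avatar ran: ${i}` });
  const good = issueCertificate(known, 'read inbox');
  const attempt = (certs) => { try { return receptionist.receive(certs); } catch (e) { return e.message; } };
  return { good: attempt([good]), tampered: attempt([good, { ...good, instructions: 'delete inbox' }]),
    stranger: attempt([issueCertificate(stranger, 'read inbox')]) };
}
```

Because the signed bytes include the issuer as well as the instructions, a certificate cannot be re-attributed to another key, and the tampered sequence is rejected before the valid certificate in it is acted on.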