17 years ago
p3k dots

grassroots network identity.

i am not really firm with either security aspects or identity standards. however, lately i have been imagining the following lightweight and decentralized setup for a grassroots network identity infrastructure:

  1. an identity's key (i.e. your login name) is a url
  2. behind each url lies a world-readable document describing the identity
  3. the document format needs to be specified (it could be xml)
  4. each identity document contains an encrypted (hashed) password
  5. when logging in with the key url, the given password is hashed (and most likely salted) in the same way and compared with the hash from the document, which is retrieved via the url
  6. password transmission should either happen via ssl or not at all, i.e. the password should be hashed by the client (javascript)
  7. the identity document might contain sensitive information, which should be encrypted in a decryptable way. this could be achieved via private/public key pairs that are assigned to individual web services, which themselves are represented by urls again (but i have not made up my mind here yet)
  8. users can take care of their identity themselves (i.e. they have shell access to a web server) or have it hosted at a certified identity provider

am i missing something? (i guess so, but please don't hesitate to let me know.)
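as an added example (not code from the post), here is one way points 1 to 5 could be implemented in python: the XML document format, the example urls and the hashing parameters are my own assumptions, and a salted, iterated hash (PBKDF2) is used instead of a plain hash because the document is world-readable and must withstand offline guessing.

```python
import base64
import hashlib
import hmac
import os
import xml.etree.ElementTree as ET

# parameters assumed for this example; the post does not fix them.
# a slow, iterated hash is used because the stored hash is public.
ITERATIONS = 200_000


def make_identity_document(identity_url: str, password: str) -> str:
    """build the world-readable identity document (constructed XML format)."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    root = ET.Element("identity", url=identity_url)
    pw = ET.SubElement(root, "password", algorithm="pbkdf2-sha256",
                       iterations=str(ITERATIONS),
                       salt=base64.b64encode(salt).decode())
    pw.text = base64.b64encode(digest).decode()
    return ET.tostring(root, encoding="unicode")


def verify_login(identity_url: str, document_xml: str, password: str) -> bool:
    """service-side check: the document fetched from the key url must describe
    that url, and the salted hash recomputed from the submitted password must
    match the stored one."""
    root = ET.fromstring(document_xml)
    if root.tag != "identity" or root.get("url") != identity_url:
        return False  # document does not describe the claimed identity
    pw = root.find("password")
    if pw is None or pw.get("algorithm") != "pbkdf2-sha256":
        return False  # unknown or missing credential block
    salt = base64.b64decode(pw.get("salt"))
    stored = base64.b64decode(pw.text or "")
    computed = hashlib.pbkdf2_hmac("sha256", password.encode(), salt,
                                   int(pw.get("iterations")))
    # constant-time comparison avoids leaking how many bytes matched
    return hmac.compare_digest(stored, computed)


if __name__ == "__main__":
    doc = make_identity_document("https://example.invalid/alice", "correct horse")
    print(doc)
    print(verify_login("https://example.invalid/alice", doc, "correct horse"))  # True
    print(verify_login("https://example.invalid/alice", doc, "wrong"))          # False
```

one caveat for point 6: if the client sends the computed hash instead of the password, that hash becomes the credential itself, so transport protection is still needed.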