#pcarrierDoes it though? I could imagine keeping a list of user, private key in local storage, and the server resigning the assertion that's been signed by the client to prove it has the private key after verifying the user ID -> public key association, for example