Comments on this

store an calling card => store a calling card
web stie relationships => web site relationships

It is even worse than they say: a shopping site may steal a bank password if the password is shared; the shopping site need not be careless with passwords.

I think the plan is good. I hope that the logic of the station is well thought out for it will hold valuable secrets. The plan relies on a secure platform, of which there are alas none. I think that it is necessary to inform the user of the credentials that inhabit the station and that the user can scribble notes associated with them. The paper does not indicate whether an individual can move a credential.

Capability logic requires that the user know which authority he wields! A mere pile of BCAPs is vulnerable to the confused deputy.

I have not seen yet the logic by which a browser decides to send a crededntial.