>I know it's a weak example, but hopefully you get the point. Indeed. You could require each XRDS file to name other URI's that could legally be used with it, and require RP's to reject any set of URI's where any of the XRDS file did not name every other URI? -Shade