However, there's no way to write an output such that it controls the form of the spending transaction.
What I am trying to do is figure out a way to build an online wallet that eliminates most of the security worries, while still allowing the operator to make a profit by charging a transaction fee. The idea was that when people deposit, it goes into a multi-sig transaction (let's say 2 of 2 for now).
Both keys are encrypted on the server, but the user's key is encrypted with the user's password.
The server creates a transaction where part of the output is sent to the users desired address, and part of the output is sent to an address that is the 'fee' address of the wallet. It adds the server's private key, and then when the user inputs their password, the private key is decoded and added to the transaction.
The idea being that the user, via the wallet, is signing transactions that give a small fee to the wallet, but if the wallet is stolen/hacked, the losses would be limited to only those users observed entering their passwords at that moment.
Thoughts? I remember your talk at the conference and I've been fascinated by the idea of coming up with ways to create more complicated transactions that would make it relatively 'safe' to use on an online wallet.
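An added example, not part of the original post: a sketch of the check the user's half of the 2-of-2 could run before signing a server-built withdrawal, so the second signature only ever covers a payment to the requested address plus a bounded wallet fee. The transaction layout, `FEE_ADDRESS`, `MAX_FEE_BPS` and all function names are assumptions made for illustration, the HMAC is a stand-in for a real ECDSA signature, and the check is assumed to run somewhere the user controls.

```python
import hashlib
import hmac
import json

FEE_ADDRESS = "FEE-ADDR-EXAMPLE"   # constructed placeholder for the wallet's fee address
MAX_FEE_BPS = 100                  # assumed policy: fee at most 1% of the input value


def tx_digest(tx):
    """Hash a canonical serialisation so both signers commit to the same outputs."""
    return hashlib.sha256(json.dumps(tx, sort_keys=True).encode()).digest()


def sign(key, tx):
    """HMAC stand-in for a real ECDSA signature; only the 2-of-2 flow is modelled."""
    return hmac.new(key, tx_digest(tx), hashlib.sha256).hexdigest()


def policy_violations(tx, user_dest):
    """Return reasons the user side should refuse to co-sign this server-built tx."""
    problems = []
    allowed = {user_dest, FEE_ADDRESS}
    for addr, amount in tx["outputs"]:
        if addr not in allowed:
            problems.append(f"unexpected output to {addr}")
        if amount <= 0:
            problems.append(f"non-positive amount to {addr}")
    fee = sum(a for addr, a in tx["outputs"] if addr == FEE_ADDRESS)
    if fee * 10_000 > MAX_FEE_BPS * tx["input_value"]:
        problems.append("wallet fee exceeds cap")
    if sum(a for _, a in tx["outputs"]) > tx["input_value"]:
        problems.append("outputs exceed input value")
    return problems


def cosign(tx, user_dest, user_key, sigs):
    """Add the user's signature only if the outputs match what the user asked for."""
    problems = policy_violations(tx, user_dest)
    if problems:
        raise ValueError("; ".join(problems))
    return {**sigs, "user": sign(user_key, tx)}


def fully_signed(tx, sigs, server_key, user_key):
    """2-of-2: both signatures must verify over the exact same transaction."""
    return (hmac.compare_digest(sigs.get("server", ""), sign(server_key, tx))
            and hmac.compare_digest(sigs.get("user", ""), sign(user_key, tx)))
```

Because both signatures cover the digest of the full output list, a transaction whose outputs are changed after co-signing no longer satisfies the 2-of-2 check.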