So, even if a RP wanted to accept an IDP dynamically (e.g. without a prior agreement, i.e. without a client_id) it wouldn't be able to, right?

There are discovery mechanisms but they're not widely used for this use case.

Is there any existing mechanism (even if not widely deployed) that would allow a user to use an IDP with an RP dynamically (i.e. without a pre arrangement between the RP and the IDP)?

Dynamic Client Registration, but afaik no major provider supports this because they *want* RPs to have a pre-established relationship. We built IndieAuth to avoid the need for any client registration and it works great for that use case: aaronparecki.com/2018/07/07/…

Will read more carefully tomorrow.

Ok, I did look into this more carefully and I remember running into this earlier. How does this relate to OIDC? Is it fair to characterize it as an alternative to it that operates on the same level/layer (e.g. both are extensions to oauth?)?

There are definitely some similarities since they are both adding an identity layer on top of OAuth. IndieAuth is a much smaller surface area tho and does less stuff. Some more details here: indieweb.org/How_is_IndieAut…

"Because these URLs rely on the public web and DNS, they are guaranteed to be globally unique." -- ugh, is this a feature or a bug? I feel like this isn't going to age well :(

Do you mean when there's a viable replacement for DNS? We can cross that bridge when we come to it.

No, in the sense are these designed such that two different RPs get the same global identifier for the same user?