Today I learned about TrustBearer (thanks Berend). TrustBearer combines openid authentication with smartcard authentication. Setting this up is very easy.
1) sign up for an openid at http://openid.trustbearer.com/
2) pair your cert with the new account
You have to install a Firefox extension that does the certificate stuff.
3) logged in and ready to go
4) try it at a openid consumer
5) present your openid and smartcard
Still what I like most in this use case is that the certificate is on the mobile phone. (We integrated these technologies during our project "CardSpace for Telcos" for Deutsche Telekom Laboratories.)
True, these phones are not very much available today but e.g. every New Yorker who participates in the metro field trial can now use the mobile phone not only to pay his metro ticket but also to make the authentication a little bit more secure (no password involved here. Wait: no information card involved either. doh. No Anti-Phishing, no unlinkability, no untracebility).