A window capable of migration sets a property _GPE_DISPLAY_CHANGE on
itself.  Its type is STRING and it is initially set to zero length.

Changing this property to a non-empty value signals a request for the
application to migrate.  The property has the format "TARGET-DISPLAY
AUTH-TYPE AUTH-DATA", where TARGET-DISPLAY is the desired destination
in "host:display.screen" notation; AUTH-TYPE is the authentication
method in use (see below); and AUTH-DATA is the appropriate
authentication information.  

Prior to setting this property on a window, the requesting application
should inspect its current value.  Anything other than zero length
indicates that the migration attempt has collided with one made by
another requestor, and should be aborted.  Once a migration request
has been processed, the migrated window should reset its
_GPE_DISPLAY_CHANGE property to zero length, indicating readiness to
receive further requests.

The outcome of a migration attempt is signalled by sending a
ClientMessage of type _GPE_DISPLAY_CHANGE to the original display's
root window with event mask SubstructureNotify and payload as follows:

l[0]	window handle for which status is being reported
l[1]	status code, one of:

0	success
1	unable to connect to display
2	requested screen does not exist
3	invalid authentication
4	indeterminate failure

Only one authentication scheme, RSA-SIG, is currently defined.

In this scheme, the requestor reads a challenge string from the
_GPE_DISPLAY_CHANGE_RSA_CHALLENGE property on the window to be
migrated and computes the PKCS-1 signature of the target display name,
followed by a NUL delimeter, followed by the challenge string.  The
authentication data string consists of the key ID used for signature,
followed by a space, followed by the signature text.

--

Should all windows owned by one application be migrated together?  If
so, does this need specific protocol support, or should the requesting
application simply deal with each one individually?