That seems very close to what I demoed recently at the Solid Community Group last week. Doing HTTP Sig authentication via your POD proxy seems like the right idea to me. One could also do it via the client. But I agree with you it is a lot more efficient.
It would be interesting to get your feedback on the HTTPSig spec that I am writing up here (I will put some more work into this very soon, after having collected the experience from my recent work)
https://github.com/bblfish/authentication-panel/blob/sigUpdate/proposals/HttpSignature.md