So, for some reason, it started working the way I wanted. The identity of the Isolated Storage is identified by the domain that served the .xap. To clarify:
relative path in the .xap src path like this
<object data="data:application/x-silverlight-2," type="application/x-silverlight-2">
<param name="source" value="/mypath/my.xap" />
</object>
Since my.xap is provided as part of site, the store will be associated with that site's domain.
If you provide the .xap from a different source then use the full path in the .xap src path like this:
<object data="data:application/x-silverlight-2," type="application/x-silverlight-2">
<param name="source" value="http://usethisdomain/mypath/my.xap" />
</object>
The store will now be associated with usethisdomain. No assembly signing necessary. I'm not really sure why I was seeing the different results I was seeing before.
Additionaly, the Types of Isolation documentation doesn't seem to fully apply to Silverlight. All my attempts to strongly name the assembly didn't change the isolated storage identity. Investigated the silverlight System.IO.IsolatedStorage
code with a decompiler but didn't find any code that looked for assembly strong names. Maybe it's just really hidden.
In conclusion, if you can control the domain of the source parameter then you can control the identity of isolated storage in silverlight.