On-chain solutions like greenaddress.it's 2-of-2 signing allow 0-conf transactions, provided the merchant trusts ga.it not to double-spend.
I think you are right about this. So if I understand correctly it can work as follows:
First, before I go shopping, I send some bitcoins to a 2 of 2 multisig address between me and some 3rd party service (TX1).
After that transaction is confirmed (standard 6 or more blocks deep in the chain), any merchant that also trusts that 3rd party service not to double spend can receive "instant payments". As follows:
I show up at the merchant's store (or website), I buy stuff, and for payment I send a message to the 3rd party service with my signature for TX1 and ask them to sign it and send payment to the merchant's public address (that they've provided me). This could be done either through my wallet or the merchant's wallet/POS, but it is done 'offline' in the sense that this message is not sent to the bitcoin network yet, since it needs the 3rd party signature.
3rd party service checks their own system to make sure that they've received no previous attempt to spend TX1 and then creates a transaction spending TX1 (TX2) by adding the second signature needed.
Merchant can get sent a copy of TX2 and does not really even have to wait for one block confirmation. They trust 3rd party and know that 3rd party will not double spend.
I think this is how greenaddress.it is doing it? Yes? They also use the nLockTime parameter, so that TX1 will 'expire' after some time so that I can get my coins back if 3rd party goes bankrupt or doesn't release payments when requested, but I haven't got my head around that part yet (as I haven't looked into nLockTime yet).
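The co-signing step described in the post above, as an added sketch that is not part of the original post and not greenaddress.it's code. Assumptions: HMAC tags stand in for Bitcoin ECDSA signatures, and `CoSigner`, `merchant_accepts`, the keys and the addresses are hypothetical names with constructed sample values; the nLockTime part is not modelled.

```python
import hashlib
import hmac
import json

def digest(spend: dict) -> bytes:
    """Canonical hash of a spend; stands in for the Bitcoin sighash."""
    return hashlib.sha256(json.dumps(spend, sort_keys=True).encode()).digest()

def sign(key: bytes, spend: dict) -> bytes:
    """HMAC tag standing in for an ECDSA signature (assumption, not Bitcoin)."""
    return hmac.new(key, digest(spend), hashlib.sha256).digest()

class CoSigner:
    """Hypothetical 3rd-party service holding the second key of the 2-of-2."""

    def __init__(self, service_key: bytes, user_keys: dict):
        self._key = service_key
        self._user_keys = user_keys   # user id -> key used to check the user's tag
        self._spent = {}              # outpoint -> digest of the spend already co-signed

    def cosign(self, user: str, spend: dict, user_sig: bytes) -> bytes:
        if not hmac.compare_digest(user_sig, sign(self._user_keys[user], spend)):
            raise PermissionError("user signature invalid")
        d = digest(spend)
        prior = self._spent.setdefault(spend["outpoint"], d)
        if prior != d:
            # A different spend of the same TX1 output is the double-spend: refuse.
            raise ValueError("outpoint already co-signed for another spend")
        return sign(self._key, spend)  # the same spend again is a harmless retry

    def verify(self, spend: dict, service_sig: bytes) -> bool:
        return hmac.compare_digest(service_sig, sign(self._key, spend))

def merchant_accepts(service: CoSigner, spend: dict, service_sig: bytes,
                     address: str, amount: int) -> bool:
    """Merchant-side check of TX2 before releasing goods at 0 confirmations."""
    return (spend["pay_to"] == address and spend["amount"] >= amount
            and service.verify(spend, service_sig))

# Constructed sample data: keys, outpoint and addresses are made up.
USER_KEY, SERVICE_KEY = b"user-key-demo", b"service-key-demo"
TX2 = {"outpoint": "TX1:0", "pay_to": "merchant-addr", "amount": 5000}
TX2_CONFLICT = {"outpoint": "TX1:0", "pay_to": "other-addr", "amount": 5000}
```

The merchant's guarantee rests entirely on the service keeping the `_spent` record and never signing a conflicting spend, which is the trust assumption stated at the top of the thread.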