XML DSig

[Will Norris <will@willnorris.com>]

I'm sure this must have been discussed before, but it was before I got  
involved with the TC.  Why are we not using XML DSig for signing XRD?   
I just got off a Shibboleth call where we were discussing the scope of  
work for adding OpenID and XRD support to Shibboleth, and several  
people (Scott Cantor included, of course) asked why weren't using XML  
DSig.  I didn't actually know the answer.  I've certainly wondered  
that myself, but kinda took it at face value that there was a good  
reason.  Is there?  Is it really just that XML Canonicalization is  
"too hard"?  If that's it, then isn't the answer to just write better  
libraries ONCE and be done with it?  Was there something else brought  
up in past discussions?

If there is a good reason, that's fine... I'd just be a little  
embarrassed (especially as a developer) if all we have is "it's too  
hard".

-will