some changes in requirements draft 3

[Trevor Perrin <trevp@trevp.net>]

To list some of the changes in the last requirements draft, so people can 
comment on them:

1.  In "3.2.1 Requestor Identity", John Messing added a question: do we 
want to restrict the methods of identifying a Requestor to only the listed 
two (string or SAML Assertion as signed attribute), or consider other 
methods explicitly, or make it extensible to other methods?

2.  In "3.3.1 Generic Request Requirements / General", we added text about 
allowing the client to specify schema/DTD information about which XML 
elements have ID attributes, since this will sometimes be needed to handle 
dsig:References that refer to elements by ID attribute.

3.  "3.3.4 Authentication" was added.

4.  In "3.4.1 Selective Signing", we added the ability for the client to 
refer to a group of transforms by a single "transform profile" identifier, 
instead of having to list them individually, per Gregor's request.

5.  In "3.4.3 Output Delivery", we added some text about delayed response, 
where the client asks for a signature and gets a transaction identifier 
instead, and then has to check back later to pick up the signature.

6.  In "3.5.2 Output Delivery", it was changed so the server can't return a 
response signed document via a URI, but must return it within the protocol.

7.  In "3.8.2 Query Requirements / Verification Service", it was changes so 
the server doesn't need to support queries for which transforms it 
supports, only for which policies it supports.