Report which assertion is signed and who signed it
Extract from a comment in mod_mellon in auth_mellon_handler.c:936 :
/* TODO: lasso only verifies the signature on the first asserion * element. Therefore we can't trust any of following assertions. * If the Response-element is signed then we can trust all the * assertions, but we have no way to find what element is signed.
It would be useful to add a quark attachement to nodes giving their signature
validation status, mainly request/response messages and assertions.