Question: Where should signature context predicates be applied? (BCR-2026-006 + BCR-2024-009)

[ChristopherA]

Question

BCR-2026-006 defines signature context predicates (signingAs, signatureContext, delegatedBy, delegationChain) for expressing the capacity and context in which a signature is made.

BCR-2024-009 defines a pattern for attaching metadata to signatures using double-signing: the outer signature signs both the original content and the metadata on the inner Signature object.

Where should signature context predicates be applied?

Option 1: Assertions on the signer XID

{
    Digest(document) [
        'signed': Signature
    ]
} [
    'signingAs': "CEO"
    'onBehalfOf': XID(corporation)
]

• Simpler structure
• Metadata is separate from the signature itself
• Currently shown in BCR-2026-006 examples

Option 2: Metadata on the Signature object (per BCR-2024-009)

{
    Digest(document) [
        'signed': {
            Signature [
                'signingAs': "CEO"
                'onBehalfOf': XID(corporation)
            ]
        } [
            'signed': Signature
        ]
    ]
}

• Cryptographically binds context to the specific signature
• Requires double-signing pattern
• Matches established BCR-2024-009 pattern

Option 3: Either pattern with guidance

Document when to use each approach based on use case requirements.

Context

This affects how BCR-2026-006 examples should be written and what guidance we give implementers.

/cc @wolfmcnally

[wolfmcnally]

Where should signature context predicates be applied?

The whole purpose of BCR-2024-009 was to provide a place where assertions could be applied by the signer without modifying the envelope being signed, and with the signer attesting to their own assertions. Assertions added at the same level as a signature are not covered by that signature, and can therefor be added, modified, or removed without the signature being invalidated. BCR-2024-009's format was designed to avoid this: only the signer can add assertions about their signature.