2009-09-07 08:24:59 UTC
Bart,
I think the answer to your question is that we didn't follow OEBPS spec that closely! (OEBPS is in fact the pre-cursor to MusicXML compressed containers (MXL files) which OSF is at least forward compatible with. Another influence for the design came from the Yamaha Digital Music Notebook service (http://www.digitalmusicnotebook.com/) which uses packages that are similar to OSF.
At one point, some of the project partners were interested in digital rights management as well. We did the design work for this, and there are several hooks in the design of the manifest to allow a DRM scheme to be overlaid at a later stage. The usage scenarios are in fact very close (but not quite identical) to e-books.
In practical terms, The location of the signatures makes little difference to implementation complexity - wherever the signature is held, the document containing the signatures requires an enveloping signature for integrity. We found that by using a library implementation of XML DSIG, there was actually very little work to implement this.
Many thanks for your interest!
