[OpenID] DSig with (server-generated) dynamic content

[SitG Admin]

There was a discussion some time back about the dangers of parsing an 
*entire* web page for OpenID headers, since a guestbook (or comments 
by visiting users) might be embedded further down the page, 
statically, instead of left for inclusion with JScript by a browser.

One of the challenges I keep expecting to hear that DSig has solved 
somehow is normalizing XML files so that they always produce the same 
hash for the same data despite different collections of that data 
each having their own whitespace outside the tags, and those tags 
being in no particular order.

I'm thinking of HTML as XML, signable - and wondering whether anyone 
working with DSig has looked at signing webpages in this way, before?

-Shade