I think it's fair to describe the need for signing as a lemming. However, I wonder why the initial evangelists of this standard (that is, in our current post-http era) chose signing instead of API Keys.<p>So often these kinds of things are a reaction to some negative experience.