Hi, Another question: should security metadata reside with the VOEventStream definition or the subscription capability for a particular server? Or both - the stream could have a link to where the PGP key is available and the subscription indicate that the stream is signed. Cheers, Matthew