No PKI certificates/x.509 used here.
Why not? Doing so might:
This approach lets applications merge in whatever data might relevant, and filter out whatever is irrelevant.
http://www.w3.org/2000/10/swap/doc/
16 of 18