+\r
+ # HOWEVER!\r
+ # PL now also declares these, with different URLs, so\r
+ # the code notices those attributes already existed with\r
+ # different values, and complains.\r
+ # This happens regularly on delegation now that PG and\r
+ # PL both declare the namespace with different URLs.\r
+ # If the content ever differs this is a problem,\r
+ # but for now it works - different URLs (values in the attributes)\r
+ # but the same actual schema, so using the PG schema\r
+ # on delegated-to-PL credentials works fine.\r
+\r
+ # Note: you could also not copy attributes\r
+ # which already exist. It appears that both PG and PL\r
+ # will actually validate a slicecred with a parent\r
+ # signed using PG namespaces and a child signed with PL\r
+ # namespaces over the whole thing. But I don't know\r
+ # if that is a bug in xmlsec1, an accident since\r
+ # the contents of the schemas are the same,\r
+ # or something else, but it seems odd. And this works.\r