I think you missed the point: is it possible not to have to respec signing and
encryption
for every variant of data model and serialization?
XML is a document format which makes it a bad choice for a data format.
There are a wide variety of contexts and considerations.
How would you update BCP70 on use of XML? Section 3 covers many of the points.