In response to P.V.McMahon:
I'm trying to say that the authorization of the issuer is unimportant. The
restriction
applies to the instrument. The person cashing the check needs no more than
proof of identity. Nowhere in this scenario is an authorization certificate
needed,
only identification certificates.
In the computer world you would receive a content which satisfies a type
definition.
I could imagine the following (partial) definition:
PersonalCheck ::= SIGNED SEQUENCE {
number INTEGER,
date UTCTime,
issuer Name,
recipient Name,
statedValue Money,
guarantor Name
memo OCTET STRING
accountNumber AccountNumber
restrictions RestrictionList OPTIONAL,
...
}
...
If this object (instrument) were widely recognized, it could serve as a
reasonable analog for
a personal check. All attributes are constrained to the object.
Authenticating this object
would consist of validating the signature AND checking the internal components
of the object
including whether the issuer is a known check bouncer etc.
John