I played around a bit and found that, if I include a numeric value in the {sign} list, it seems to be interpreted as a boolean value that causes the variable to be signed if the value is true and not signed if the value is false. I determined this by looking at the generated html form.
So, if I do {sign 1} (any non-zero value will do) then the html form contains, in addition to the id_grp value, another element:
<input type="hidden" name="id_grp:sig" value="someLongSigString" />
If if do {sign 0}, the id_grp:sig element does not appear.
Is this the right way to do this?