I recall an extensive discussion around the removal of the phrase "held
by the subject" in reference to holder of key.
The idea was that HoK described a key that required proof of possession
by a attesting entity vs. being held by the subject,
Appropriate text does appear in lines 781-783 of saml2-core. However,
lines 335-337 of saml2-profiles reads
As described in [XMLSig], each <ds:KeyInfo> element holds a key or
information that enables an
application to obtain a key. The holder of a specified key is considered
to be the subject of the assertion
by the asserting party.
Proposal: replace the last sentence by
"The holder of a specified key is considered to be an acceptable
attesting entity for the assertion by the relying party"