(1) Assertions MAY be signed using XML-SIG
(ISSUE: enveloped, enveloping, detached? --- are we ready to
make a recommendation? Do we want to constrain KeyInfo?).
(2) Assertions MUST be signed if the RP receives them from any
intermediary (entity other than AP).
(3) BUT assertions may be embedded within Response/Request
messages. These may also be signed with XML-DSIG (ISSUE: as in
(1) above). Question: If assertions are contained within
a signed Request/Response pair, can they "inherit" the
super-signature? Should we support this flexibility or
should we insist that assertions be individually signed?
(4) BUT request/response messages may themselves be embedded
within other payloads (XML, MIME). These payloads may themselves
be signed. Should the contained SAML messages "inherit" the
(A) Do not consider any signature inheritance notion for
SAML messages or assertions.
(B) Include signature inheritance up to (3), do not include