...
The assertion is likely to contain arbitrary attribute information that the WSP can consume directly. The example uses a transient <saml:NameID>
element for the principal, but this needn't be assumed. If the assertion were left in the clear, the identifier alone could still be encrypted piecemeal.
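The following is an added example, not part of the original document. It sketches how a WSP could report what it can read from a token without a decryption key, covering the cases discussed above. It assumes that "encrypted piecemeal" corresponds to the SAML 2.0 <saml:EncryptedID> element and that whole-assertion encryption uses <saml:EncryptedAssertion>. The function name, the sample tokens and the attribute name are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "xenc": "http://www.w3.org/2001/04/xmlenc#"}
TRANSIENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"

def describe_token(xml_text):
    """Report what a WSP can read from a token without any decryption key.
    Signature checking is out of scope; a real WSP does that first."""
    root = ET.fromstring(xml_text)
    if root.tag == "{%s}EncryptedAssertion" % NS["saml"]:
        # Whole assertion encrypted: identifier and attributes both opaque.
        return {"assertion": "encrypted", "identifier": "opaque", "attributes": []}
    identifier = "absent"
    subject = root.find("saml:Subject", NS)
    if subject is not None:
        name_id = subject.find("saml:NameID", NS)
        if subject.find("saml:EncryptedID", NS) is not None:
            identifier = "encrypted"  # assertion in the clear, identifier encrypted
        elif name_id is not None:
            fmt = name_id.get("Format", "unspecified")
            identifier = "transient" if fmt == TRANSIENT else "cleartext:" + fmt
    attrs = [a.get("Name") for a in
             root.iterfind("saml:AttributeStatement/saml:Attribute", NS)]
    return {"assertion": "clear", "identifier": identifier, "attributes": attrs}

# Constructed sample tokens (illustrative only; the ciphertext is a placeholder).
XMLNS = 'xmlns:saml="%s" xmlns:xenc="%s"' % (NS["saml"], NS["xenc"])
ENC_DATA = ("<xenc:EncryptedData><xenc:CipherData><xenc:CipherValue>"
            "PLACEHOLDER</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData>")

def sample_assertion(subject_inner):
    return ('<saml:Assertion %s ID="_constructed" Version="2.0">'
            "<saml:Subject>%s</saml:Subject>"
            "<saml:AttributeStatement>"
            '<saml:Attribute Name="membership-level">'
            "<saml:AttributeValue>gold</saml:AttributeValue>"
            "</saml:Attribute></saml:AttributeStatement>"
            "</saml:Assertion>") % (XMLNS, subject_inner)

TRANSIENT_TOKEN = sample_assertion('<saml:NameID Format="%s">_a1b2c3</saml:NameID>' % TRANSIENT)
PIECEMEAL_TOKEN = sample_assertion("<saml:EncryptedID>%s</saml:EncryptedID>" % ENC_DATA)
OPAQUE_TOKEN = "<saml:EncryptedAssertion %s>%s</saml:EncryptedAssertion>" % (XMLNS, ENC_DATA)

if __name__ == "__main__":
    for name in ("TRANSIENT_TOKEN", "PIECEMEAL_TOKEN", "OPAQUE_TOKEN"):
        print(name, describe_token(globals()[name]))
```

In the first two cases the attribute statement stays directly consumable by the WSP; only the third hides it along with the identifier.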
...