3.1.5.4.2 Message Validation

The syntax MUST be validated by ensuring that all required parameters are present and contain the correct type of data. For further specifications, see section 2.2.3.

Before issuing a security token to protect the user's privacy, the IP/STS MUST verify that the entity that sent the wsignin1.0 request message is a federated partner that holds the role of relying party, as described in the Abstract Data Model. The relying party's identifier MUST be retrieved from the wtrealm parameter in the request (as specified in section 2.2.1) and compared against the federation partner configuration data (as specified in section 3.1.1.2). <55>

The wauth parameter, which is described in section 2.2.3, MAY<56> be used.