2.2.4.2.2 Security Token Signature

The security token MUST contain an enveloped XML digital signature, as specified in [XMLDSig]. The signature MUST be performed over exclusively canonicalized XML, as specified in [Excl-C14N]. All transforms performed on signed elements MUST be included in the Transforms element, as specified in [XMLDSig] section 4.3.3.4. The signature MUST be produced using the requestor IP/STS private key. The KeyInfo element, as specified in [XMLDSig] section 4.4, MUST either directly include an X.509 V.3 certificate (as specified in [X509]) or reference an X.509 V.3 certificate using the X.509 V.3 subject key identifier (SKI), as specified in [RFC3280] section 4.2.1.2. For further specifications, see [XMLDSig] section 4.4.4. It is recommended<30> that the certificate be included directly in the KeyInfo element, using the X509Certificate element.

The X509SKI element contains the base64-encoded ([RFC4648] section 4) plain (that is, non-DER-encoded) value of an X.509 V.3 SKI extension. If the SubjectKeyIdentifier field is not present in the certificate, the certificate itself MUST be included directly in KeyInfo. Examples of these fields are found in sections 4.2.3 and 4.2.4.

Note that the message format of the security token does not incorporate encryption beyond the encryption provided by SSL/TLS.