5.1.1 Security Token Integrity

The integrity of a security token is compromised when the security token is modified. A digital signature on the digest of a security token enables the recipient of the security token to determine whether or not the security token has been modified since it was signed. The Microsoft Web Browser Federated Sign-On Protocol uses digital signatures to secure the integrity of the security token contained in the wsignin1.0 response message while in transit. The IP/STS signs the security token that it issues, allowing the relying party to check for changes that might have occurred in transit. The strength of the digital signature depends on the signature algorithm used and the key sizes involved.<87>
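
Because signature strength depends on the algorithm and key size, a relying party can apply an algorithm policy alongside cryptographic verification of the token. The following is an added example, not part of the specification: it assumes the token is XML carrying a W3C XML Signature element, and the allowlist, the 2048-bit minimum and the names `signature_policy_violations` and `make_token` are hypothetical choices made for the illustration.

```python
import base64
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
NS = {"ds": DS}
MORE = "http://www.w3.org/2001/04/xmldsig-more#"
ENC = "http://www.w3.org/2001/04/xmlenc#"

# Assumed relying-party policy; the specification does not mandate these values.
ALLOWED_SIGNATURE = {MORE + "rsa-sha256", MORE + "rsa-sha384", MORE + "rsa-sha512"}
ALLOWED_DIGEST = {ENC + "sha256", MORE + "sha384", ENC + "sha512"}
MIN_RSA_BITS = 2048

def signature_policy_violations(token_xml):
    """Return policy problems found in the token's signature metadata.
    This is a gate on algorithm strength, not a signature verification."""
    sig = ET.fromstring(token_xml).find(".//ds:Signature", NS)
    if sig is None:
        return ["token carries no signature"]
    problems = []
    method = sig.find("ds:SignedInfo/ds:SignatureMethod", NS)
    alg = method.get("Algorithm") if method is not None else None
    if alg not in ALLOWED_SIGNATURE:
        problems.append(f"signature algorithm not allowed: {alg}")
    refs = sig.findall("ds:SignedInfo/ds:Reference", NS)
    if not refs:
        problems.append("signature covers no reference")
    for ref in refs:
        dm = ref.find("ds:DigestMethod", NS)
        dalg = dm.get("Algorithm") if dm is not None else None
        if dalg not in ALLOWED_DIGEST:
            problems.append(f"digest algorithm not allowed: {dalg}")
    mod = sig.find(".//ds:RSAKeyValue/ds:Modulus", NS)
    if mod is not None and mod.text:
        bits = int.from_bytes(base64.b64decode(mod.text), "big").bit_length()
        if bits < MIN_RSA_BITS:
            problems.append(f"RSA key too small: {bits} bits")
    return problems

def make_token(sig_alg, digest_alg, modulus_len):
    """Build a constructed sample token (no real signature value) for the demo."""
    modulus = base64.b64encode(b"\xc3" + b"\x01" * (modulus_len - 1)).decode()
    return f"""<Assertion xmlns:ds="{DS}"><ds:Signature><ds:SignedInfo>
      <ds:SignatureMethod Algorithm="{sig_alg}"/>
      <ds:Reference URI="#a1"><ds:DigestMethod Algorithm="{digest_alg}"/></ds:Reference>
    </ds:SignedInfo><ds:KeyInfo><ds:KeyValue><ds:RSAKeyValue>
      <ds:Modulus>{modulus}</ds:Modulus><ds:Exponent>AQAB</ds:Exponent>
    </ds:RSAKeyValue></ds:KeyValue></ds:KeyInfo></ds:Signature></Assertion>"""
```

The signature itself must still be verified against the IP/STS key the relying party has configured as trusted; a key embedded in the token is inspected here only for its size.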