Not Asserting the
Authenticity of a Subject
•Suppose an Identity Provider (IdP) sends an Authentication Assertion to a service provider. What does the IdP's assertion mean:
1. "I assert the authenticity of John Doe" No
2. "I authenticated John Doe by this ___
method" Yes
•An Identity Provider does not assert the authenticity of John Doe to a service provider.
•An Identity Provider does assert that he authenticated John Doe.