Ideally the SAML assertion should be signed by STS.
⇑ Translate the sentence above by Google ⇑
Related: assertion