Federation - Uniqueness of Assertion Identifier, v1.0

All assertions must be uniquely identifiable, this may be accomplished using unique identifiers, nonces, and timestamps.

Assessment Step

Assertion Uniqueness (AssertionUniqueness)
Are all assertions generated in a manner that ensures uniqueness (using nonces, long assertion identifiers, and timestamps)?
Provide evidence (e.g. policies, operational samples) that all assertions include sufficient uniqueness data.

Conformance Criteria (1)

Assertions SHALL be sufficiently unique to permit unique identification by the target RP. Assertions MAY accomplish this by use of an embedded nonce, issuance timestamp, assertion identifier, or a combination of these or other techniques.
NIST SP 800-63C
Section 6.2.1