Deployers MUST use XML Encryption to encrypt assertions and MUST use AES-GCM as the encryption algorithm.
SPs MAY use a single RSA key for both decryption and signing in the event that they have a signing key.
Deployers of IdPs MUST use separate encryption and signing keys. (We are explicitly remaining silent on the question of SP key use, i.e. combined signing+encryption. This requirement only applies if we end up requiring IdPs to decrypt; otherwise it is moot.)
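As an added illustration (not part of the profile text, and not any implementation's own code), the two IdP-side requirements above can be checked against an IdP's published SAML metadata: every KeyDescriptor must be restricted to one use, the signing and encryption certificates must differ, and every advertised EncryptionMethod must be an AES-GCM identifier. The sample metadata below is constructed, with placeholder certificate bodies.

```python
import xml.etree.ElementTree as ET
NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
# XML Encryption 1.1 identifiers for AES-GCM, the only data-encryption
# algorithms the text above permits; anything else (e.g. AES-CBC) is a finding.
AES_GCM = {"http://www.w3.org/2009/xmlenc11#aes128-gcm",
           "http://www.w3.org/2009/xmlenc11#aes192-gcm",
           "http://www.w3.org/2009/xmlenc11#aes256-gcm"}

def audit_idp_keys(metadata_xml: str) -> dict:
    """Check an IdP's metadata for separate signing/encryption keys and AES-GCM only."""
    root = ET.fromstring(metadata_xml)
    signing, encryption, algorithms = set(), set(), []
    for kd in root.iterfind(".//md:IDPSSODescriptor/md:KeyDescriptor", NS):
        cert = "".join(kd.findtext("ds:KeyInfo/ds:X509Data/ds:X509Certificate",
                                   "", NS).split())
        use = kd.get("use")  # a KeyDescriptor with no 'use' serves both purposes
        if use in (None, "signing"):
            signing.add(cert)
        if use in (None, "encryption"):
            encryption.add(cert)
        algorithms += [em.get("Algorithm")
                       for em in kd.iterfind("md:EncryptionMethod", NS)]
    return {"separate_keys": bool(signing) and bool(encryption)
                             and signing.isdisjoint(encryption),
            "gcm_only": bool(algorithms) and all(a in AES_GCM for a in algorithms),
            "algorithms": algorithms}

def sample_metadata(key_descriptors: str) -> str:
    """Wrap constructed KeyDescriptor XML in a minimal IdP EntityDescriptor."""
    return (f'<md:EntityDescriptor xmlns:md="{NS["md"]}" xmlns:ds="{NS["ds"]}" '
            'entityID="https://idp.example.org/idp"><md:IDPSSODescriptor>'
            f'{key_descriptors}</md:IDPSSODescriptor></md:EntityDescriptor>')

CERT = ('<ds:KeyInfo><ds:X509Data><ds:X509Certificate>{}</ds:X509Certificate>'
        '</ds:X509Data></ds:KeyInfo>')
# Two constructed IdPs; the certificate bodies are placeholders, not real keys.
COMPLIANT = sample_metadata(
    f'<md:KeyDescriptor use="signing">{CERT.format("PLACEHOLDER-SIGNING-CERT")}'
    '</md:KeyDescriptor><md:KeyDescriptor use="encryption">'
    f'{CERT.format("PLACEHOLDER-ENCRYPTION-CERT")}'
    '<md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#aes256-gcm"/>'
    '</md:KeyDescriptor>')
NONCOMPLIANT = sample_metadata(  # one key for both uses, and AES-CBC advertised
    f'<md:KeyDescriptor>{CERT.format("PLACEHOLDER-SHARED-CERT")}'
    '<md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>'
    '</md:KeyDescriptor>')

if __name__ == "__main__":
    for name, doc in (("compliant", COMPLIANT), ("noncompliant", NONCOMPLIANT)):
        print(name, audit_idp_keys(doc))
```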