Deployers MUST use XML Encryption for assertions and MUST use AES GCM as the encryption algorithm
Deployers of IdPs MUST use separate encryption and signing keys
(we are explicitly remaining silent on the question of SP key use (combined signing+encryption))