This is a potential security issue, you are being redirected to https://csrc.nist.gov.
The assertion a party presents as proof of identity, where possession of the assertion itself is sufficient proof of identity for the assertion bearer.
NIST SP 800-63-3
An assertion that does not provide a mechanism for the Subscriber to prove that he or she is the rightful owner of the assertion. The RP has to assume that the assertion was issued to the Subscriber who presents the assertion or the corresponding assertion reference to the RP.
NIST SP 800-63-2 [Superseded]