ID-WSF 1.0: only one credential should be added to the SOAP message
In lasso_wsf_profile_comply_with_saml_authentication we traverse the list of
CredentialRef in a web service description and add them all to the security
context of the soap message, is this necessary ?
We also failed if any of the referenced assertion is missing from the session
context, is this a correct behaviour ?
(Needs reference from the specifications)