5.1.3 Confidentiality
Security tokens contain information about users and can contain sensitive data. This protocol requires the use of SSL/TLS, as specified in Transport (section 2.1). The use of SSL/TLS prevents the exposure of user information outside the services participating in the protocol, as well as helping to prevent replay attack.<89>