Use of Digital Signature in SAML and Liberty Alliance

Both SAML and Liberty Alliance use XML-Signature for integrity and non-repudiation in profiles that use HTTP POST to pass sensitive information like assertions. Unfortunately, these profiles are not as scalable as those using SOAP over HTTPS with bilateral authentication.

This is because SSL can be deployed inexpensively over a server farm and SSL acceleration is becoming a commodity technology. Also, SOAP-based profiles allow the IDP and SP to open and keep alive bilaterally authenticated HTTPS channels.

XML-Signature, on the other hand, can't easily be deployed over a server farm due to higher expense, administration difficulties, and lack of expertise. Note that the IDP and SP must respectively sign and verify each time the user establishes an authenticated session with an SP.

This worries me because I am interested in developing a browser plug-in that turns IE into a Liberty-Enabled Client. The Liberty-Enabled Client and Proxy (LECP) profile requires the use of XML-Signature to protect assertions from the Identity Provider (IDP) to the Service Provider (SP).