Hi,

I think is correct to have different IDs for assertions issued to different service providers, no ?

Each SP may have different requirements about how the assertion should be issued, some elements are pretty related with the target SP.

I also think that the renew logic is more related when using SAML and WS-Trust.

Regards.