22.214.171.124.4 Context Cancellation Binding
[WSSC1.3] section 6: "Proof of possession of the key associated with the security context MUST be proven in order for security context to be canceled. It is RECOMMENDED that this is done by creating the original claims signature over the signature that signs message body and key headers."
Proof of possession MUST be established by including a security context token conforming to section 126.96.36.199 and a corresponding signature conforming to section 188.8.131.52 in the security element conforming to section 2.2.1. The elements that MUST be signed are specified in section 184.108.40.206. Signatures MUST NOT be signed to prove possession.