OASIS Mailing List Archives
wss-dev message



Subject: SAML token and holder of key.


Hi,
I'm new to WSS and I started some investigation on SAML only recently;
in all honesty I'm really new to Web Service security in general.
Anyway, I'm looking at SAML and its usage (and I posted a few
questions to the SAML-DEV forum). I now have a question on the SAML
Token Profile 1.1 and I think this forum is probably more appropriate.
Anyway, on page 18 of the spec SAML Token Profile 1.1 (Draft, 11 Nov
2005), about Holder of Key, it is said that the <SubjectConfirmation>
element must include a KeyInfo to identify a key (public or private)
that can be used to confirm the identity of the subject. It is also said
later on, as an example, that the sender could sign part of the WSSE message,
including a <ds:Signature> in the header, using that confirmation key.
This all makes sense, but I just would like to test my security knowledge
(and in this case my understanding of signatures).

If I put a public key in the SubjectConfirmation and used my private key
to create the <ds:Signature> element, wouldn't this be open to a MITM
attack? I mean the attacker could change the public key as well as use
his private key to sign the message.
To avoid this, wouldn't a certificate (X.509) in the SubjectConfirmation
be a better option? (without considering out-of-band agreement)
Continuing on this, why then does the spec say on page 28 that holder of
key is not vulnerable to MITM attack?
What am I missing?

Thanks.
Giuseppe.
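
The exchange the question describes, as an added example that is not part of the original message or of the OASIS profile: a toy holder-of-key flow in Go, using ECDSA over P-256 and a plain byte encoding as stand-ins for the XML Signature and KeyInfo the profile uses. The Assertion and Message types, the subject name and the function names are assumptions made for the illustration. The point it isolates is the one the question turns on: the issuer signs the assertion, and that signature covers the confirmation key carried in <SubjectConfirmation>, so a relying party that verifies the issuer's signature before trusting that key rejects a swapped key. A relying party that only checks the body signature against whatever key the assertion happens to carry (VerifyNaive here) accepts the substitution, which is exactly the attack the message worries about.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"errors"
	"fmt"
)

// Assertion: the issuer binds a subject to a confirmation key (the ds:KeyInfo
// in <SubjectConfirmation>) and signs that binding. Names are illustrative.
type Assertion struct {
	Subject         string
	ConfirmationKey []byte // PKIX/DER encoding of the holder's public key
	IssuerSig       []byte // issuer's signature over Subject and ConfirmationKey
}

// Message is the envelope: assertion in the security header, signed body.
type Message struct {
	Assertion Assertion
	Body      []byte
	BodySig   []byte // the holder's ds:Signature over Body
}

func check(err error) {
	if err != nil {
		panic(err)
	}
}

func newKey() *ecdsa.PrivateKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	check(err)
	return k
}

func sign(priv *ecdsa.PrivateKey, data []byte) []byte {
	d := sha256.Sum256(data)
	sig, err := ecdsa.SignASN1(rand.Reader, priv, d[:])
	check(err)
	return sig
}

// binding is what the issuer signs: subject and key together, separated by a
// zero byte, so neither can change without invalidating the issuer's signature.
func binding(subject string, key []byte) []byte {
	return append(append([]byte(subject), 0), key...)
}

// IssueAssertion is the issuer's step: vouch that subject holds holderPub.
func IssueAssertion(issuer *ecdsa.PrivateKey, subject string, holderPub *ecdsa.PublicKey) Assertion {
	der, err := x509.MarshalPKIXPublicKey(holderPub)
	check(err)
	return Assertion{subject, der, sign(issuer, binding(subject, der))}
}

// SignMessage is the holder's step: prove possession of the confirmation key.
func SignMessage(a Assertion, holder *ecdsa.PrivateKey, body []byte) Message {
	return Message{a, body, sign(holder, body)}
}

// VerifyNaive trusts whatever key the assertion carries: the check the post
// worries about, which a substituted key plus a re-signed body passes.
func VerifyNaive(m Message) error {
	pub, err := x509.ParsePKIXPublicKey(m.Assertion.ConfirmationKey)
	if err != nil {
		return err
	}
	d := sha256.Sum256(m.Body)
	if ecPub, ok := pub.(*ecdsa.PublicKey); !ok || !ecdsa.VerifyASN1(ecPub, d[:], m.BodySig) {
		return errors.New("body signature does not verify under the confirmation key")
	}
	return nil
}

// VerifyHoK is the relying party's real check: trust the confirmation key only
// after the issuer's signature over the assertion (and so over that key) verifies.
func VerifyHoK(m Message, issuerPub *ecdsa.PublicKey) error {
	d := sha256.Sum256(binding(m.Assertion.Subject, m.Assertion.ConfirmationKey))
	if !ecdsa.VerifyASN1(issuerPub, d[:], m.Assertion.IssuerSig) {
		return errors.New("assertion rejected: issuer signature does not cover this key")
	}
	return VerifyNaive(m)
}

// Tamper is the man-in-the-middle from the post: swap in the attacker's key,
// replace the body and re-sign. IssuerSig is left as is; it cannot be forged.
func Tamper(m Message, attacker *ecdsa.PrivateKey, newBody []byte) Message {
	der, err := x509.MarshalPKIXPublicKey(&attacker.PublicKey)
	check(err)
	m.Assertion.ConfirmationKey = der
	return SignMessage(m.Assertion, attacker, newBody)
}

func main() {
	issuer, holder, attacker := newKey(), newKey(), newKey()
	m := SignMessage(IssueAssertion(issuer, "giuseppe", &holder.PublicKey), holder, []byte("<Body>pay 10</Body>"))
	forged := Tamper(m, attacker, []byte("<Body>pay 10000</Body>"))
	fmt.Println("genuine, HoK check:", VerifyHoK(m, &issuer.PublicKey))
	fmt.Println("forged, naive check:", VerifyNaive(forged))
	fmt.Println("forged, HoK check:", VerifyHoK(forged, &issuer.PublicKey))
}
```

Running it prints <nil> for the genuine message, <nil> for the forgery under the naive check, and the "assertion rejected" error for the forgery under the holder-of-key check. The example models a bare public key in KeyInfo, as the question does; an X.509 certificate in KeyInfo would pass through the same issuer-signature check, since what stops the substitution is the issuer's signature over the assertion, not the form in which the confirmation key is carried.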

