Proposal for a SAML-WebSSO profile with enhanced privacy

Identity Federations having B2C-type and sometimes other use cases need to prevent the collection of user data across services for privacy and business case reasons. This draft proposes a new SAML profile with improvements in respect to un-traceability, un-linkability and non-disclosure.
[Updated June 15]
[Update July 20: After a discussion with John Bradley (@ve7jtb) and Nat Sakimura (@_nat_en) I realized that the limitation of that protocol is that identifiers need to be temporary, i.e. per authentication. The majority of use cases needing a persistent id (i.e. per Relying Party), would not be served by that schema. The reason is, that the persisent id needs to be formed using a constant SP identifier. This would at leas indirectly identify the SP.]