The specifications (https://na1.salesforce.com/help/doc/en/remoteaccess_oauth_SAML_bearer_flow.htm) for the OAuth 2.0 SAML Bearer Assertion Flow state that the Subject of the assertion must match the Username of the desired Salesforce user.  This is working well for us, but soon we will need to be able to create an assertion which matches the Federation Id of the desired user.

Does the OAuth 2.0 SAML Bearer Assertion Flow support Federation Id?  If not, is there a workaround possible?