zxid
schemata.pd
<<schema:
<<sg/liberty-idwsf-interaction-svc-v2.0.sg>>
>>
99.5.7 id-dap (dap)
~~~~~~~~~~~~~~~~~~~
<<schema:
<<sg/id-dap.sg>>
>>
99.5.8 liberty-idwsf-subs-v1.0 (subs)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
<<schema:
<<sg/liberty-idwsf-subs-v1.0.sg>>
>>
99.5.9 liberty-idwsf-dst-v2.1 (dst)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
<<schema:
<<sg/liberty-idwsf-dst-v2.1.sg>>
>>
99.5.10 liberty-idwsf-idmapping-svc-v2.0 (im)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
<<schema:
<<sg/liberty-idwsf-idmapping-svc-v2.0.sg>>
>>
99.5.11 liberty-idwsf-people-service-v1.0 (ps)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
<<schema:
<<sg/liberty-idwsf-people-service-v1.0.sg>>
>>
99.5.12 liberty-idwsf-authn-svc-v2.0 (as)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
<<schema:
<<sg/liberty-idwsf-authn-svc-v2.0.sg>>
>>
99.6 SOAP 1.1 Processors
------------------------
99.6.2 wsf-soap11 (e)
~~~~~~~~~~~~~~~~~~~~~
<<schema:
<<sg/wsf-soap11.sg>>
>>
99.7 XML and Web Services Infrastructure
----------------------------------------
99.7.1 xmldsig-core (ds)
~~~~~~~~~~~~~~~~~~~~~~~~
<<schema:
<<sg/xmldsig-core.sg>>
>>
99.7.2 xenc-schema (xenc)
~~~~~~~~~~~~~~~~~~~~~~~~~
<<schema:
<<sg/xenc-schema.sg>>
>>
99.7.3 ws-addr-1.0 (a)
~~~~~~~~~~~~~~~~~~~~~~
<<schema:
<<sg/ws-addr-1.0.sg>>
>>
99.7.4 wss-secext-1.0 (wsse)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
<<schema:
<<sg/wss-secext-1.0.sg>>
>>
99.7.5 wss-util-1.0 (wsu)
~~~~~~~~~~~~~~~~~~~~~~~~~
<<schema:
<<sg/wss-util-1.0.sg>>
>>
100 Appendix: Some Example XML Blobs
====================================
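These XML blobs are for reference. They have been pretty
printed: indentation indicates nesting level, and closing tags have
been abbreviated as "</>". The actual XML on the wire generally does not
contain any whitespace. Several values (certificates, signature values,
and content elided as "...") are abbreviated, so the blobs as shown
cannot serve as signature-verification test vectors.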
100.1 SAML 2.0 Artifact Response with SAML 2.0 SSO Assertion and Two Bootstraps
-------------------------------------------------------------------------------
This example corresponds to t/sso-w-bootstraps.xml in the distribution.
Both bootstraps illustrate the use of a SAML assertion as a bearer token.
<!-- SAML 2.0 ArtifactResponse carried in a SOAP Body. The inner sp:Response holds the SSO assertion, and that assertion carries the two discovery bootstraps as attributes. -->
<soap:Envelope
xmlns:lib="urn:liberty:iff:2003-08"
xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:wsa="http://www.w3.org/2005/08/addressing">
<soap:Body>
<sp:ArtifactResponse
xmlns:sp="urn:oasis:names:tc:SAML:2.0:protocol"
ID="REvgoIIlkzTmk-aIX6tKE"
InResponseTo="RfAsltVf2"
IssueInstant="2007-02-10T05:38:15Z"
Version="2.0">
<sa:Issuer
xmlns:sa="urn:oasis:names:tc:SAML:2.0:assertion"
Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">
https://a-idp.liberty-iop.org:8881/idp.xml</>
<sp:Status>
<sp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></>
<sp:Response
xmlns:sp="urn:oasis:names:tc:SAML:2.0:protocol"
ID="RCCzu13z77SiSXqsFp1u1"
InResponseTo="NojFIIhxw"
IssueInstant="2007-02-10T05:37:42Z"
Version="2.0">
<sa:Issuer
xmlns:sa="urn:oasis:names:tc:SAML:2.0:assertion"
Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">
https://a-idp.liberty-iop.org:8881/idp.xml</>
<sp:Status>
<sp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></>
<!-- The SSO assertion. Neither the ArtifactResponse nor the Response above carries a ds:Signature in this listing; only the assertions are signed. -->
<sa:Assertion
xmlns:sa="urn:oasis:names:tc:SAML:2.0:assertion"
ID="ASSE6bgfaV-sapQsAilXOvBu"
IssueInstant="2007-02-10T05:37:42Z"
Version="2.0">
<sa:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">
https://a-idp.liberty-iop.org:8881/idp.xml</>
<!-- Enveloped signature over the assertion: the Reference URI equals the assertion ID above. RSA-SHA1 with a SHA-1 digest reflects the 2007 capture; current deployments should require SHA-256 or stronger. The SignatureValue appears abbreviated in this listing. -->
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#ASSE6bgfaV-sapQsAilXOvBu">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>r8OvtNmq5LkYwCNg6bsRZAdT4NE=</></></>
<ds:SignatureValue>GtWVZzHYW54ioHk/C7zjDRThohrpwC4=</></>
<sa:Subject>
<sa:NameID
Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
NameQualifier="https://a-idp.liberty-iop.org:8881/idp.xml">PB5fLIA4lRU2bH4HkQsn9</>
<!-- Bearer confirmation, limited in time by NotOnOrAfter and tied to one SP endpoint by Recipient. -->
<sa:SubjectConfirmation
Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
<sa:SubjectConfirmationData
NotOnOrAfter="2007-02-10T06:37:41Z"
Recipient="https://sp1.zxidsp.org:8443/zxidhlo"/></></>
<!-- Validity window plus the audience the assertion is intended for. -->
<sa:Conditions
NotBefore="2007-02-10T05:32:42Z"
NotOnOrAfter="2007-02-10T06:37:42Z">
<sa:AudienceRestriction>
<sa:Audience>https://sp1.zxidsp.org:8443/zxidhlo?o=B</></></>
<sa:Advice>
<!-- This assertion is the credential for the ID-WSF 1.1 bootstrap (below). -->
<sa:Assertion
ID="CREDOTGAkvhNoP1aiTq4bXBg"
IssueInstant="2007-02-10T05:37:42Z"
Version="2.0">
<sa:Issuer
Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">
https://a-idp.liberty-iop.org:8881/idp.xml</>
<!-- Signed separately from the enclosing assertion: the Reference URI equals this credential's own ID. -->
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#CREDOTGAkvhNoP1aiTq4bXBg">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>dqq/28hw5eEv+ceFyiLImeJ1P8w=</></></>
<ds:SignatureValue>UKlEgHKQwuoCE=</></>
<sa:Subject>
<sa:NameID/> <!-- *** Bug here!!! The NameID is empty, so this credential names no subject. -->
<!-- Bearer confirmation without SubjectConfirmationData: no Recipient or NotOnOrAfter here, so only the Conditions below bound this credential. -->
<sa:SubjectConfirmation
Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"/></>
<sa:Conditions
NotBefore="2007-02-10T05:32:42Z"
NotOnOrAfter="2007-02-10T06:37:42Z">
<sa:AudienceRestriction>
<sa:Audience>https://sp1.zxidsp.org:8443/zxidhlo?o=B</></></></></>
<sa:AuthnStatement
AuthnInstant="2007-02-10T05:37:42Z"
SessionIndex="1171085858-4">
<sa:AuthnContext>
<sa:AuthnContextClassRef>
urn:oasis:names:tc:SAML:2.0:ac:classes:Password</></></>
<sa:AttributeStatement>
<!-- Regular attribute -->
<sa:Attribute
Name="cn"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<sa:AttributeValue>Sue</></>
<!-- ID-WSF 1.1 bootstrap for discovery. See also the Advice, above. -->
<sa:Attribute
Name="DiscoveryResourceOffering"
NameFormat="urn:liberty:disco:2003-08">
<sa:AttributeValue>
<disco:ResourceOffering
xmlns:disco="urn:liberty:disco:2003-08"
entryID="2">
<disco:ResourceID>
https://a-idp.liberty-iop.org/profiles/WSF1.1/RID-DISCO-sue</>
<disco:ServiceInstance>
<disco:ServiceType>urn:liberty:disco:2003-08</>
<disco:ProviderID>
https://a-idp.liberty-iop.org:8881/idp.xml</>
<disco:Description>
<disco:SecurityMechID>urn:liberty:security:2005-02:TLS:Bearer</>
<!-- CredentialRef equals the ID of the assertion inside sa:Advice. -->
<disco:CredentialRef>CREDOTGAkvhNoP1aiTq4bXBg</>
<disco:Endpoint>
https://a-idp.liberty-iop.org:8881/DISCO-S</></></>
<disco:Abstract>Symlabs Discovery Service Team G</></></></>
<!-- ID-WSF 2.0 Bootstrap for Discovery. The credential (bearer token) is inline. -->
<sa:Attribute
Name="urn:liberty:disco:2006-08:DiscoveryEPR"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<sa:AttributeValue>
<!-- The EPR's notOnOrAfter (07:37:42Z) is later than the NotOnOrAfter in the inline token's Conditions (06:37:42Z); a consumer should honour the earlier of the two. -->
<wsa:EndpointReference
xmlns:wsa="http://www.w3.org/2005/08/addressing"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
notOnOrAfter="2007-02-10T07:37:42Z"
wsu:Id="EPRIDcjP8ObO9In47SDjO9b37">
<wsa:Address>
https://a-idp.liberty-iop.org:8881/DISCO-S</>
<wsa:Metadata>
<disco:Abstract
xmlns:disco="urn:liberty:disco:2006-08">SYMfiam Discovery Service</>
<sbf:Framework
xmlns:sbf="urn:liberty:sb"
version="2.0"/>
<disco:ProviderID
xmlns:disco="urn:liberty:disco:2006-08">
https://a-idp.liberty-iop.org:8881/idp.xml</>
<disco:ServiceType
xmlns:disco="urn:liberty:disco:2006-08">urn:liberty:disco:2006-08</>
<disco:SecurityContext
xmlns:disco="urn:liberty:disco:2006-08">
<disco:SecurityMechID>urn:liberty:security:2005-02:TLS:Bearer</>
<sec:Token
xmlns:sec="urn:liberty:security:2006-08"
usage="urn:liberty:security:tokenusage:2006-08:SecurityToken">
<!-- Inline bearer token: a separately signed assertion whose Audience is the provider named in disco:ProviderID above, not the SP that receives the SSO assertion. -->
<sa:Assertion
ID="CREDV6ZBMyicmyvDq9pLIoSR"
IssueInstant="2007-02-10T05:37:42Z"
Version="2.0">
<sa:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">
https://a-idp.liberty-iop.org:8881/idp.xml</>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#CREDV6ZBMyicmyvDq9pLIoSR">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>o2SgbuKIBzl4e0dQoTwiyqXr/8Y=</></></>
<ds:SignatureValue>hHdUKaZ//cZ8UYJxvTReNU=</></>
<sa:Subject>
<!-- The persistent NameID here differs from the one the SSO assertion gives the SP. -->
<sa:NameID
Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
NameQualifier="https://a-idp.liberty-iop.org:8881/idp.xml">
9my93VkP3tSxEOIb3ckvjLpn0pa6aV3yFXioWX-TzZI=</>
<sa:SubjectConfirmation
Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"/></>
<sa:Conditions
NotBefore="2007-02-10T05:32:42Z"
NotOnOrAfter="2007-02-10T06:37:42Z">
<sa:AudienceRestriction>
<sa:Audience>
https://a-idp.liberty-iop.org:8881/idp.xml</></></>
<sa:AuthnStatement
AuthnInstant="2007-02-10T05:37:42Z">
<sa:AuthnContext>
<sa:AuthnContextClassRef>
urn:oasis:names:tc:SAML:2.0:ac:classes:Password</></></></></></></></></></></></></></></></>
100.2 ID-WSF 2.0 Call with X509v3 Sec Mech
------------------------------------------
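<!-- ID-WSF 2.0 request using the X509v3 security mechanism. The caller's certificate travels as a BinarySecurityToken and the message signature references the addressing headers, the timestamp, the token and the Body by wsu:Id. -->
<e:Envelope
    xmlns:e="http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:b="urn:liberty:sb:2005-11"
    xmlns:sec="urn:liberty:security:2005-11"
    xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
    xmlns:wsa="http://www.w3.org/2005/08/addressing">
  <e:Header>
    <wsa:MessageID wsu:Id="MID">123</>
    <wsa:To wsu:Id="TO">...</>
    <wsa:Action wsu:Id="ACT">...</>
    <wsse:Security mustUnderstand="1">
      <wsu:Timestamp wsu:Id="TS"><wsu:Created>2005-06-17T04:49:17Z</></>
      <!-- Base64 X.509v3 certificate of the signer (abbreviated). -->
      <wsse:BinarySecurityToken
          ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
          wsu:Id="X509Token"
          EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">
        MIIB9zCCAWSgAwIBAgIQ...</>
      <!-- A verifier should check that each Reference resolves to exactly one element and that the signed set includes every header and the Body it relies on. -->
      <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
          <ds:Reference URI="#MID">...</>
          <ds:Reference URI="#TO">...</>
          <ds:Reference URI="#ACT">...</>
          <ds:Reference URI="#TS">...</>
          <!-- URI must match the wsu:Id declared on the BinarySecurityToken above. -->
          <ds:Reference URI="#X509Token">
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
            <ds:DigestValue>Ru4cAfeBAB</></>
          <ds:Reference URI="#BDY">
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
            <ds:DigestValue>YgGfS0pi56p</></></>
        <!-- KeyInfo points at the same token, so the certificate that verifies the signature is itself signed. -->
        <ds:KeyInfo><wsse:SecurityTokenReference><wsse:Reference URI="#X509Token"/></></>
        <ds:SignatureValue>HJJWbvqW9E84vJVQkjDElgscSXZ5Ekw==</></></></>
  <e:Body wsu:Id="BDY">
    <xx:Query/></></>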
The salient features of the above XML blob are
* a signature that covers the relevant SOAP headers and the Body
* the absence of any explicit identity token.
The absence of an identity token means that the target identity
cannot be determined from the headers. The signature generally
conveys only the Invoker identity (the WSC that is calling the
service). Since one WSC typically serves many principals, it is
impossible to know which principal the call concerns. For this reason
the X509 security mechanism is seldom used in the ID-WSF 2.0 world
(with ID-WSF 1.1 the ResourceID provides an alternative way of
identifying the principal, thus making X509 a viable option).
100.3 ID-WSF 2.0 Call with Bearer (Binary) Sec Mech
---------------------------------------------------
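<!-- ID-WSF 2.0 request using the Bearer security mechanism with an opaque binary token. The token (wsu:Id "BST") is one of the signed references, which ties it to this message's headers, timestamp and Body. -->
<e:Envelope
    xmlns:e="http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:b="urn:liberty:sb:2005-11"
    xmlns:sec="urn:liberty:security:2005-11"
    xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
    xmlns:wsa="http://www.w3.org/2005/03/addressing">
  <e:Header>
    <wsa:MessageID wsu:Id="MID">...</>
    <wsa:To wsu:Id="TO">...</>
    <wsa:Action wsu:Id="ACT">...</>
    <wsse:Security mustUnderstand="1">
      <wsu:Timestamp wsu:Id="TS">
        <wsu:Created>2005-06-17T04:49:17Z</></>
      <!-- The token format is private to the issuer and the WSP; "anyNSPrefix" stands for whatever namespace prefix the deployment uses. -->
      <wsse:BinarySecurityToken
          ValueType="anyNSPrefix:ServiceSessionContext"
          EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
          wsu:Id="BST">
        mQEMAzRniWkAAAEH9RWir0eKDkyFAB7PoFazx3ftp0vWwbbzqXdgcX8fpEqSr1v4
        YqUc7OMiJcBtKBp3+jlD4HPUaurIqHA0vrdmMpM+sF2BnpND118f/mXCv3XbWhiL
        VT4r9ytfpXBluelOV93X8RUz4ecZcDm9e+IEG+pQjnvgrSgac1NrW5K/CJEOUUjh
        oGTrym0Ziutezhrw/gOeLVtkywsMgDr77gWZxRvw01w1ogtUdTceuRBIDANj+KVZ
        vLKlTCaGAUNIjkiDDgti=</>
      <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
          <ds:Reference URI="#MID">...</>
          <ds:Reference URI="#TO">...</>
          <ds:Reference URI="#ACT">...</>
          <ds:Reference URI="#TS">...</>
          <ds:Reference URI="#BST">...</>
          <ds:Reference URI="#BDY">
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
            <ds:DigestValue>YgGfS0pi56pu</></></>
        ...</></></>
  <e:Body wsu:Id="BDY">
    <xx:Query/></></>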
100.4 ID-WSF 2.0 Call with Bearer (SAML) Sec Mech
-------------------------------------------------
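<!-- ID-WSF 2.0 request using the Bearer security mechanism with a SAML 2.0 assertion as the token. The subject and the attributes are encrypted, and the message signature reaches the assertion through the SecurityTokenReference "STR1". -->
<e:Envelope
    xmlns:e="http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:sb="urn:liberty:sb:2005-11"
    xmlns:sec="urn:liberty:security:2005-11"
    xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
    xmlns:wsa="http://www.w3.org/2005/08/addressing"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
  <e:Header>
    <wsa:MessageID wsu:Id="MID">...</>
    <wsa:To wsu:Id="TO">...</>
    <wsa:Action wsu:Id="ACT">...</>
    <wsse:Security mustUnderstand="1">
      <wsu:Timestamp wsu:Id="TS">
        <wsu:Created>2005-06-17T04:49:17Z</></>
      <sa:Assertion
          xmlns:sa="urn:oasis:names:tc:SAML:2.0:assertion"
          Version="2.0"
          ID="A7N123"
          IssueInstant="2005-04-01T16:58:33.173Z">
        <sa:Issuer>http://idp.symdemo.com/</>
        <!-- Issuer's signature over the assertion (elided). -->
        <ds:Signature>...</>
        <sa:Subject>
          <!-- The NameID is carried as EncryptedID rather than in the clear. -->
          <sa:EncryptedID>
            <xenc:EncryptedData>U2XTCNvRX7Bl1NK182nmY00TEk==</>
            <xenc:EncryptedKey>...</></>
          <sa:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"/></>
        <!-- SAML 2.0 names this element AudienceRestriction, as in the SSO example of section 100.1. -->
        <sa:Conditions
            NotBefore="2005-04-01T16:57:20Z"
            NotOnOrAfter="2005-04-01T21:42:43Z">
          <sa:AudienceRestriction>
            <sa:Audience>http://wsp.zxidsp.org</></></>
        <sa:AuthnStatement
            AuthnInstant="2005-04-01T16:57:30.000Z"
            SessionIndex="6345789">
          <sa:AuthnContext>
            <sa:AuthnContextClassRef>
              urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</></></>
        <sa:AttributeStatement>
          <sa:EncryptedAttribute>
            <xenc:EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element">
              mQEMAzRniWkAAAEH9RbzqXdgcX8fpEqSr1v4=</>
            <xenc:EncryptedKey>...</></></></>
      <!-- KeyIdentifier carries the assertion ID (A7N123); the wsse11 namespace URI is left as a placeholder in this example. -->
      <wsse:SecurityTokenReference
          xmlns:wsse11="..."
          wsu:Id="STR1"
          wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0">
        <wsse:KeyIdentifier
            ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID">
          A7N123</></>
      <ds:Signature>
        <ds:SignedInfo>
          <ds:Reference URI="#MID">...</>
          <ds:Reference URI="#TO">...</>
          <ds:Reference URI="#ACT">...</>
          <ds:Reference URI="#TS">...</>
          <!-- The STR-Transform makes this Reference digest the token that STR1 points to, not the reference element itself. -->
          <ds:Reference URI="#STR1">
            <ds:Transform Algorithm="...#STR-Transform">
              <wsse:TransformationParameters>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/></></></>
          <ds:Reference URI="#BDY"/></>
        ...</></></>
  <e:Body wsu:Id="BDY">
    <xx:Query/></></>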
*** Open question: is the wsse11:TokenType attribute on the SecurityTokenReference above really correct?
Note how the <Subject> and the attributes are encrypted such that only
the WSP can open them. This prevents the WSC from learning the NameID
that is used at the WSP.
100.5 XACML 2.0 SAML Profile SOAP Call
--------------------------------------
<!-- XACML 2.0 SAML profile request: a signed XACMLAuthzDecisionQuery whose xac:Request lists the subject, resource, action and environment attributes to be evaluated. -->
<e:Envelope xmlns:e="http://schemas.xmlsoap.org/soap/envelope/">
  <e:Body>
    <xasp:XACMLAuthzDecisionQuery
        xmlns:xasp="urn:oasis:xacml:2.0:saml:protocol:schema:os"
        ID="RX3eHFSEBW6-OnPG5sGV_EevU"
        IssueInstant="2009-09-07T21:28:05Z"
        Version="2.0">
      <sa:Issuer xmlns:sa="urn:oasis:names:tc:SAML:2.0:assertion">https://sp1.zxidsp.org:5443/protected/saml?o=B</>
      <!-- Enveloped signature over the whole query: the Reference URI equals the query ID. The SignatureValue is snipped in this listing. -->
      <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
          <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
          <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
          <ds:Reference URI="#RX3eHFSEBW6-OnPG5sGV_EevU">
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></>
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
            <ds:DigestValue>F2r41OppQA2ZLsosLO6V9VNJ0J8=</></></>
        <ds:SignatureValue>sAvByKH9--(snip)--HV+1oqcdUw=</></>
      <xac:Request xmlns:xac="urn:oasis:names:tc:xacml:2.0:context:schema:os">
        <!-- Subject: two permisRole values, each with the IdP as Issuer, plus the subject-id. -->
        <xac:Subject>
          <xac:Attribute
              AttributeId="permisRole"
              DataType="xs:string"
              Issuer="https://idp.tas3.pt:8443/zxididp?o=B">
            <xac:AttributeValue>guest</></>
          <xac:Attribute
              AttributeId="permisRole"
              DataType="xs:string"
              Issuer="https://idp.tas3.pt:8443/zxididp?o=B">
            <xac:AttributeValue>jesterbester</></>
          <xac:Attribute
              AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"
              DataType="xs:string">
            <xac:AttributeValue>FdGaMOmtJPfvK9dN64lWgKTOp</></></>
        <!-- Resource and action under decision. -->
        <xac:Resource>
          <xac:Attribute
              AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"
              DataType="xs:string">
            <xac:AttributeValue>/protected/env.cgi</></></>
        <xac:Action>
          <xac:Attribute
              AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"
              DataType="xs:string">
            <xac:AttributeValue>urn:oasis:names:tc:xacml:1.0:action:implied-action</></></>
        <!-- Environment: context about the login (IdP identifiers, authentication context class, and what appears to be a session id). -->
        <xac:Environment>
          <xac:Attribute
              AttributeId="zxididp"
              DataType="xs:string"
              Issuer="https://idp.tas3.pt:8443/zxididp?o=B">
            <xac:AttributeValue>0.33 1251217347</></>
          <xac:Attribute
              AttributeId="affid"
              DataType="xs:string">
            <xac:AttributeValue>https://idp.tas3.pt:8443/zxididp?o=B</></>
          <xac:Attribute
              AttributeId="authnctxlevel"
              DataType="xs:string">
            <xac:AttributeValue>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</></>
          <xac:Attribute
              AttributeId="sesid"
              DataType="xs:string">
            <xac:AttributeValue>S6QaJzAylXfkw1tFlrZSD9Zwr</></></></></></></>
<!-- XACML 2.0 SAML profile response: a signed sp:Response whose InResponseTo equals the query ID and whose assertion carries the authorization decision. -->
<e:Envelope xmlns:e="http://schemas.xmlsoap.org/soap/envelope/">
  <e:Body>
    <sp:Response
        xmlns:sp="urn:oasis:names:tc:SAML:2.0:protocol"
        ID="R-Dn3MxxJ0xo7jjOeVpC1aezO"
        InResponseTo="RX3eHFSEBW6-OnPG5sGV_EevU"
        IssueInstant="2009-09-07T18:48:03Z"
        Version="2.0">
      <sa:Issuer xmlns:sa="urn:oasis:names:tc:SAML:2.0:assertion">https://idp.tas3.pt:8443/zxididp?o=B</>
      <!-- Enveloped signature over the Response: the Reference URI equals the Response ID. The SignatureValue is snipped in this listing. -->
      <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
          <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
          <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
          <ds:Reference URI="#R-Dn3MxxJ0xo7jjOeVpC1aezO">
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></>
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
            <ds:DigestValue>jdBsc0wOvJsBJCCc4eyq1bnG1u4=</></></>
        <ds:SignatureValue>AZyw2fK5--(snip)--UTOSSov7kc=</></>
      <sp:Status>
        <sp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></>
      <!-- The assertion has no ds:Signature of its own here, so the decision is protected only by the signature on the enclosing Response. -->
      <sa:Assertion
          xmlns:sa="urn:oasis:names:tc:SAML:2.0:assertion"
          ID="A73VuYGSDQ8MI-TUNk8PORrZT"
          IssueInstant="2009-09-07T18:48:03Z"
          Version="2.0">
        <sa:Issuer>https://idp.tas3.pt:8443/zxididp?o=B</>
        <!-- The decision is valid for one hour from issuance. -->
        <sa:Conditions
            NotBefore="2009-09-07T18:48:03Z"
            NotOnOrAfter="2009-09-07T19:48:03Z"/>
        <xasa:XACMLAuthzDecisionStatement xmlns:xasa="urn:oasis:xacml:2.0:saml:assertion:schema:os">
          <xac:Response xmlns:xac="urn:oasis:names:tc:xacml:2.0:context:schema:os">
            <xac:Result>
              <xac:Decision>Permit</>
              <xac:Status>
                <xac:StatusCode Value="urn:oasis:names:tc:xacml:1.0:status:ok"/></></></></></></></></>
<<htmlpreamble: <title>ZXID Schemata</title><body bgcolor="#330033" text="#ffaaff" link="#ffddff" vlink="#aa44aa" alink="#ffffff"><font face=sans><h1>ZXID Schemata</h1> >>
<<if: ZXIDBOOK>>
<<else: >><<EOF: >>
<<fi: >>