<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" Version="2.0" ID="urn:uuid:f7eca768-59c0-11e0-bf7d-fbbaa0f3405c" IssueInstant="2004-12-05T09:22:05Z"> <saml:Issuer>https://cn.dataone.org/identity</saml:Issuer> <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">...</ds:Signature> <saml:Subject> <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName" SPProvidedID="CN=Some User,O=University One,C=US"> uid=jones,o=NCEAS,dc=ecoinformatics,dc=org </saml:NameID> <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"> <saml:SubjectConfirmationData Address="10.0.45.21" /> </saml:SubjectConfirmation> </saml:Subject> <saml:Conditions NotBefore="2004-12-05T09:17:05Z" NotOnOrAfter="2004-12-05T09:27:05Z"> </saml:Conditions> <saml:AuthnStatement AuthnInstant="2010-11-25T13:15:13Z"> <saml:AuthnContext> <saml:AuthnContextClassRef> urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport </saml:AuthnContextClassRef> <!-- Note: One might also use X509 certs to authenticate, in which case the context class would be: urn:oasis:names:tc:SAML:2.0:ac:classes:X509 --> </saml:AuthnContext> </saml:AuthnStatement> <saml:AttributeStatement> <saml:Attribute xmlns:x500="urn:oasis:names:tc:SAML:2.0:profiles:attribute:X500" x500:Encoding="LDAP" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" Name="urn:oid:2.5.4.42" FriendlyName="givenName"> <saml:AttributeValue xsi:type="xs:string">Tom</saml:AttributeValue> </saml:Attribute> <saml:Attribute xmlns:x500="urn:oasis:names:tc:SAML:2.0:profiles:attribute:X500" x500:Encoding="LDAP" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" Name="urn:oid:2.5.4.4" FriendlyName="sn"> <saml:AttributeValue xsi:type="xs:string">Thumb</saml:AttributeValue> </saml:Attribute> <saml:Attribute xmlns:x500="urn:oasis:names:tc:SAML:2.0:profiles:attribute:X500" x500:Encoding="LDAP" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" Name="urn:oid:1.3.6.1.4.1.1466.115.121.1.26" FriendlyName="mail"> <saml:AttributeValue xsi:type="xs:string">someone@gmail.com</saml:AttributeValue> </saml:Attribute> <saml:Attribute xmlns:x500="urn:oasis:names:tc:SAML:2.0:profiles:attribute:X500" x500:Encoding="LDAP" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" Name="urn:oid:1.3.6.1.4.1.5923.1.5.1.1" FriendlyName="isMemberOf"> <saml:AttributeValue xsi:type="xs:string"> cn=staff,o=NCEAS,dc=dataone,dc=org </saml:AttributeValue> </saml:Attribute> <saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" Name="urn:oasis:names:tc:SAML:2.0:profiles:session:sessionId" FriendlyName="sessionId" xsi:type="xs:string">urn:uuid:f7eca768-59c0-11e0-bf7d-fbbaa0f3405c </saml:Attribute> <saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" Name="urn:dataone:attributenames:equivalentIdentity" FriendlyName="equivalentIdentity" xsi:type="xs:string">mbjones@NCEAS </saml:Attribute> <saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" Name="urn:dataone:attributenames:equivalentIdentity" FriendlyName="equivalentIdentity" xsi:type="xs:string"> /DC=org/DC=cilogon/C=US/O=ProtectNetwork/CN=Matthew Jones A332 </saml:Attribute> </saml:AttributeStatement> </saml:Assertion>