SAML assertions do not depend on the SAML protocol and can be used independently of it. SAML 2.0 defines three types of assertion statements:
- Authentication: the assertion subject was authenticated by a particular means at a particular time.
- Authorization Decision: a request to allow the assertion subject to access the specified resource has been granted or denied.
- Attribute: the assertion subject is associated with the supplied attributes.
An assertion may carry the following optional child elements:
- <Signature> (Optional): an XML Signature that protects the integrity of the assertion and authenticates its issuer.
- <Subject> (Optional): the subject of the statement(s) in the assertion.
- <Conditions> (Optional): conditions that MUST be evaluated when assessing the validity of and/or when using the assertion.
- <Advice> (Optional): additional information related to the assertion that assists processing in certain situations but which MAY be ignored by applications that do not understand the advice or do not wish to make use of it.
Zero or more of the following statement elements:
- <Statement>
- <AuthnStatement>: an authentication statement.
- <AuthzDecisionStatement>: an authorization decision statement.
- <AttributeStatement>: an attribute statement.
In an assertion that carries statements, <Subject>, if present, identifies the subject of all of those statements. If <Subject> is omitted, the statements in the assertion apply to a subject or subjects identified in an application- or profile-specific manner. SAML itself defines no such statements, and an assertion without a subject has no defined meaning in this specification.
The <Assertion> element also carries three required attributes:
- Version (Required): the version of the assertion; "2.0" for SAML 2.0.
- ID (Required): the identifier for this assertion.
- IssueInstant (Required): the time instant of issue, in UTC.
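As an added example (not part of the original page or of the OASIS specification), the checks below walk the structure described above: the three required attributes, the presence of <Subject>, the evaluation of <Conditions> (NotBefore, NotOnOrAfter and AudienceRestriction), and the classification of statement elements. The sample assertion, its ID and its URLs are constructed placeholders, and the example assumes <Signature> has already been verified by a proper XML-DSig library, since it does not verify it itself.

```python
# Added example (not from the original page): structural checks on a SAML 2.0
# assertion as described above. It does NOT verify <Signature>; assume that is
# done first with a real XML-DSig library before any of these checks are trusted.
from datetime import datetime, timezone
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
STATEMENTS = ("AuthnStatement", "AuthzDecisionStatement", "AttributeStatement")

# Constructed sample assertion; the ID and URLs are made-up placeholders.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    Version="2.0" ID="_example-1" IssueInstant="2024-05-01T12:00:00Z">
  <saml:Issuer>https://idp.example.test</saml:Issuer>
  <saml:Subject><saml:NameID>alice</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="2024-05-01T12:00:00Z" NotOnOrAfter="2024-05-01T12:05:00Z">
    <saml:AudienceRestriction><saml:Audience>https://sp.example.test</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AuthnStatement AuthnInstant="2024-05-01T11:59:00Z"/>
  <saml:AttributeStatement><saml:Attribute Name="role"><saml:AttributeValue>staff</saml:AttributeValue></saml:Attribute></saml:AttributeStatement>
</saml:Assertion>"""

def parse_instant(s):
    """Parse an xsd:dateTime such as 2024-05-01T12:00:00Z into an aware UTC datetime."""
    return datetime.fromisoformat(s.replace("Z", "+00:00")).astimezone(timezone.utc)

def check_assertion(xml_text, now, audience):
    """Return (ok, reasons, statement_types) for one assertion. Signature not checked."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}Assertion" % NS["saml"]:
        return False, ["root element is not saml:Assertion"], []
    reasons = []
    if root.get("Version") != "2.0":          # required attribute, must be "2.0"
        reasons.append("Version must be 2.0")
    for attr in ("ID", "IssueInstant"):      # the other two required attributes
        if not root.get(attr):
            reasons.append(attr + " missing")
    if root.find("saml:Subject", NS) is None:  # SAML defines no meaning for a subject-less assertion
        reasons.append("Subject missing")
    cond = root.find("saml:Conditions", NS)  # <Conditions> MUST be evaluated when present
    if cond is not None:
        nb, noa = cond.get("NotBefore"), cond.get("NotOnOrAfter")
        if nb and now < parse_instant(nb):
            reasons.append("assertion not yet valid")
        if noa and now >= parse_instant(noa):
            reasons.append("assertion expired")
        auds = [a.text for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
        if auds and audience not in auds:
            reasons.append("audience mismatch")
    stmts = [t for t in STATEMENTS if root.find("saml:" + t, NS) is not None]
    return not reasons, reasons, stmts
```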
SAML 2.0 Core Spec [PDF], OASIS Security Services (SAML) TC
