117
<AuthzDecisionQuery
xmlns="urn:oasis:names:tc:SAML:2.0:protocol"
Version="2.0"
IssueInstant="2005-01-31T13:00:00Z"
Destination="http://www.AirlineInc.com"
ID="eeaadce312"
Resource="http://www.CarRentalInc.com/employees/salaries">
<Subject
xmlns="urn:oasis:names:tc:SAML:2.0:assertion">
<NameID
Format="urn:oasis:names:tc:1.1:nameid-format:emailAddress">
j.doe@acompany.com
</NameID>
</Subject>
<Action
xmlns="urn:oasis:names:tc:SAML:2.0:assertion"
Namespace="urn:oasis:names:tc:SAML:1.0:action:rwedc-negation">
Read
</Action>
<Action
xmlns="urn:oasis:names:tc:SAML:2.0:assertion"
Namespace="urn:oasis:names:tc:SAML:1.0:action:rwedc-negation">
Write
</Action>
</AuthzDecisionQuery>
"Should the subject (j.doe@acompany.com) be
allowed to read the resource (employee salaries)?"
"Should the subject (j.doe@acompany.com) be
allowed to write the resource (employee salaries)?"
