84
Back to the Airline/CarRental Example
•When the Airline service creates the Authentication assertion it embeds a SubjectConfirmation element within the assertion.
<Assertion>
      …
      <Subject>
              <NameID Format="urn:oasis:names:tc:1.1:nameid-format:emailAddress">
                  j.doe@acompany.com
              </NameID>
              <SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                      <SubjectConfirmationData Recipient="https://www.CarRentalInc.com"
                                                                      NotOnOrAfter="2005-01-31T13:00:00Z">
                      </SubjectConfirmationData>
              </SubjectConfirmation>
      </Subject>
      …
</Assertion>