OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: WAP limitations for GET and POST

I did a bit of Googling around, and also asked some of the WAP folks within
Baltimore what limitations we can expect on URLs and POST data.

According to http://www.allnetdevices.com/faq/?pair=07.014, existing
browsers can send in the range of 500-1000 bytes as a URL parameter (i.e.,
GET) and about 1300 bytes as POST data.

The short answer for the future is, "it depends..." Unfortunately, it looks
like each client is allowed to pick its own limits and report them as part
of the User Agent Profile. There's no way to nail down a limit that's
guaranteed to work for every client without testing them all.

The "Binary XML" bytecode representation (WAP-192) might be useful to
produce a compact form of SAML assertions, but I can't see us sorting out
the issues with it in time for SAML 1.0.

The WAP specifications are available at

Here's the reply I got to my query within Baltimore:

> As you already know the size of the information that you can be "post" or
> is somewhat small. The sizes you mention are consistent with some of the
> browsers (1300 bytes for a post). As a rule the amount of data that can be
> transferred from  a mobile device will remain limited when compared to a
> So it will always be handy to have a "constrained" profile of something
like SAML. 

> I found that using hidden fields and then POSTing them is a better way to
> information to the server (GETs tend to get truncate along the way :-) ).
All of
> this is WAP specific though. 

> Looking at the WAP standards:
> WAP-227 defines a persistent storage API accessible through WMLScript. No
> is made of a size limit.
> WAP-223 defines cookies - A minimum of 4 cookies of 125 bytes each are
> (there were some earlier mails on this)
> WAP-236 implies that the size of a WML document that can be handled can be
> from the UAProf (user agent profile) information - so the device should be
> to tell you what size of wml docs it will support
> WAP-192 defines something called binary XML (bytecode representation of
XML to
> keep size down... This may be of interest to you in the SAML context...
> WAP-230 specifies limits on message sizes (at last) - By the look of
> message sizes are negotiated between the server and client. It defaults to
> but may be more or less depending on the negotiation. I read somewhere
that the
> size limit is related to the IP packet size limit in the Ethernet world
> is just over 1500 bytes or so). Anyway a lot of phones can handle more
> days...

 - irving - 

The information contained in this message is confidential and is intended 
for the addressee(s) only.  If you have received this message in error or 
there are any problems please notify the originator immediately.  The 
unauthorized use, disclosure, copying or alteration of this message is 
strictly forbidden. Baltimore Technologies plc will not be liable for direct, 
special, indirect or consequential damages arising from alteration of the 
contents of this message by a third party or as a result of any virus being 
passed on.

In addition, certain Marketing collateral may be added from time to time to 
promote Baltimore Technologies products, services, Global e-Security or 
appearance at trade shows and conferences.
This footnote confirms that this email message has been swept by 
Baltimore MIMEsweeper for Content Security threats, including
computer viruses.

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC