Subject: RE: [security-services] Web SSO <AuthnRequest> conformance
The current conformance spec only mandates REDIRECT for <AuthnRequest>. It mandates POST and Artifact for the <Response>. Rob Philpott Senior Consulting Engineer RSA Security Inc. Tel: 781-515-7115 Mobile: 617-510-0893 Fax: 781-515-7020 mailto:email@example.com > -----Original Message----- > From: Scott Cantor [mailto:firstname.lastname@example.org] > Sent: Tuesday, October 26, 2004 1:57 PM > To: 'Thomas Wisniewski'; email@example.com > Subject: RE: [security-services] Web SSO <AuthnRequest> conformance > > > Recognizing the size restrictions for redirects (I think it's > > around 2k for IE), since HTTP redirect is the only binding > > required, a conformant implementation CANNOT handle authn > > requests that are greater than 2k. > > I believe POST is also required. Am I wrong? > > > Was the reasoning based on > > the chance that authn requests (which would be b64 encoded > > and then url encoded), would not reach this size? > > My assumption was we required POST to handle that case. > > -- Scott > > > To unsubscribe from this mailing list (and be removed from the roster of > the OASIS TC), go to http://www.oasis- > open.org/apps/org/workgroup/security-services/members/leave_workgroup.ph p.