
security-services message


Subject: RE: [security-services] Web SSO <AuthnRequest> conformance

> Here's a very trivial request (ids are very short) that is
> around 800 chars (base 64 encoding and url encoding will add 33%, and make
> this around 1150 chars). I guess dig sig is not really required (that would
> increase size drastically).

Well, that isn't optimized; I can see several things that aren't needed
there. But yes, the goal was to ensure that a commonly used minimal subset
of messages would fit, not that everything would.

> The request can also have SubjectConfirmation, Conditions, AuthContext
> stuff, IsPassive, ForceAuthn, AssertionConsumerServiceIndex and URL,
> ProviderName, etc... which can hit a 2k limit.

Note that conditions, SubjectConfirmation, etc. are unlikely to be used in
the browser SSO use case. They're legal, yes, but not common. We included
them because it facilitated a more uniform way of addressing SSO across
other use cases.

But I think we both agree that there should be an MTI binding for this that
does support *any* message allowed. And POST is IMHO the simpler of the two
bindings that supports this, although I've always been biased on that issue.

-- Scott
