Subject: Re: [security-services] Web SSO <AuthnRequest> conformance
On Oct 26, 2004, at 6:31 PM, Thomas Wisniewski wrote:

> That was it exactly. Perhaps the size limits are fairly large (typically
> closer to 2k at least), and for conformance (and interop), only "small"
> <AuthnRequest>s are handled.
>
> Here's a very trivial request (ids are very short) that is around 800 chars
> (base 64 encoding and url encoding will add 33%, and make this around 1150
> chars). I guess dig sig is not really required (that would increase size
> drastically).

You're forgetting the deflate encoding step. The actual numbers for your example are:

    <samlp:AuthnRequest Consent="urn:oasis:names:tc:SAML:2.0:consent:unspecified"
        ID="_9494578B5BDA829CF967D5AAA5DFA158C2A85EEF"
        IssueInstant="2004-10-26T17:56:02Z" Version="2.0"
        xmlns="urn:oasis:names:tc:SAML:2.0:protocol"
        xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
        xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
      <saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity"
          NameQualifier="" SPNameQualifier=""
          xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
        idp
      </saml:Issuer>
      <saml:Subject xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"/>
      <samlp:NameIDPolicy AllowCreate="true"
          Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
          SPNameQualifier="sp.company.com"/>
    </samlp:AuthnRequest>

    xml length=776
    deflated length=366
    base64 length=494

Of course, there are a number of unnecessary attributes/elements in your example. Pruning those, I get:

    <samlp:AuthnRequest Consent="urn:oasis:names:tc:SAML:2.0:consent:unspecified"
    ID="_9494578B5BDA829CF967D5AAA5DFA158C2A85EEF"
    IssueInstant="2004-10-26T17:56:02Z" Version="2.0"
    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"><saml:Issuer
    Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">idp</saml:Issuer><samlp:NameIDPolicy
    AllowCreate="true"
    Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
    SPNameQualifier="sp.company.com"/></samlp:AuthnRequest>

    xml length=521
    deflated length=291
    base64 length=393

Not to say that POST shouldn't be MTI, but I don't think the URL encoding is really as bad as you think it is.

-Greg
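The size arithmetic from the message above, as an added example that is not part of the original post: it deflates, base64-encodes and URL-encodes the pruned request, reports the length after each step, and reverses the encoding with a bound on the inflated size. The function names, the 4096-byte cap and the use of raw DEFLATE (RFC 1951, no zlib header) are assumptions of this example, so the counts will not match the quoted figures exactly.

```python
import base64
import zlib
from urllib.parse import quote, unquote

# Constructed sample: the pruned request from the message, joined onto one line.
AUTHN_REQUEST = (
    '<samlp:AuthnRequest Consent="urn:oasis:names:tc:SAML:2.0:consent:unspecified" '
    'ID="_9494578B5BDA829CF967D5AAA5DFA158C2A85EEF" IssueInstant="2004-10-26T17:56:02Z" '
    'Version="2.0" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">'
    '<saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity" '
    'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">idp</saml:Issuer>'
    '<samlp:NameIDPolicy AllowCreate="true" '
    'Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" '
    'SPNameQualifier="sp.company.com"/></samlp:AuthnRequest>'
)


def encode_redirect(xml: str) -> dict:
    """Deflate, base64 and URL-encode a message, recording the size after each step."""
    raw = xml.encode("utf-8")
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)  # wbits=-15: raw DEFLATE, no zlib header
    deflated = comp.compress(raw) + comp.flush()
    b64 = base64.b64encode(deflated).decode("ascii")  # single line, no line breaks
    param = quote(b64, safe="")  # '+', '/' and '=' become %2B, %2F and %3D
    return {"xml": len(raw), "deflated": len(deflated),
            "base64": len(b64), "url": len(param), "param": param}


def decode_redirect(param: str, max_xml: int = 4096) -> str:
    """Reverse the encoding, refusing to inflate past max_xml bytes."""
    deflated = base64.b64decode(unquote(param), validate=True)
    inflater = zlib.decompressobj(-15)
    raw = inflater.decompress(deflated, max_xml + 1)  # stop one byte past the cap
    if len(raw) > max_xml or inflater.unconsumed_tail:
        raise ValueError("inflated message exceeds size limit")
    return raw.decode("utf-8")


if __name__ == "__main__":
    sizes = encode_redirect(AUTHN_REQUEST)
    print({k: v for k, v in sizes.items() if k != "param"})
```

The cap in `decode_redirect` matters on the receiving side because a short query-string value can inflate to a much larger document.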