On 11/3/11 9:19 AM, "Gabriel López" <[email protected]> wrote:

>yes, I was thinking in the size of the SAML assertion and the limit of
>4096 bytes commented by Alejandro in the last email. The XMLSignature
>would increase considerably the message size.

The only dramatic size increase comes from putting the certificate in the message. If you don't do that (as in, you don't use PKIX), then it isn't really that large.

>>This makes sense (kind of like Kerberos constrained delegation where the
>>authorisation data is signed). But it could be optional?

>not sure about that

Not optional in the sense that it would be used as if it were signed, just optional meaning not all assertions would have that capability. As in fact they wouldn't. You can't just sign the assertion and magically treat it as a reusable token. Well, you can, but those people are ignoring the standard. Other content is also needed or you have a very lax model.

-- Scott

_______________________________________________
abfab mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/abfab
