On 11/3/11 11:21 AM, "Rhys Smith" <[email protected]> wrote:
>
>Could send a SAML artifact and then get the real, large, SAML assertion
>by resolving the artifact over http on the issuing IdP?

Existing SAML 2.0 artifacts reference protocol messages, not assertions.
That's not necessarily a problem, you can just wrap it in a Response.

Whatever you do by reference also means an extra protocol stack, extra
security considerations around the reference and the resolution process,
and state management across clusters unless you complicate the model to
get around it.

-- Scott

_______________________________________________
abfab mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/abfab
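An added illustration, not part of the original message or of any SAML implementation, of the state the reply above refers to: a SAML 2.0 type 0x0004 artifact is only a 44-byte reference, so the issuing node must hold the wrapped Response until it is resolved once. The `ArtifactStore` class, the entity ID and the placeholder Response are assumptions made for this example.

```python
import base64, hashlib, os, struct

TYPE_CODE = 0x0004  # artifact format from the SAML 2.0 Bindings specification
IDP = "https://idp.example.org/idp"  # constructed entity ID
RESPONSE = "<samlp:Response>...<saml:Assertion/>...</samlp:Response>"  # constructed placeholder

def make_artifact(issuer_entity_id, endpoint_index, handle=None):
    """TypeCode(2) | EndpointIndex(2) | SourceID = SHA-1(entityID)(20) | MessageHandle(20)."""
    source_id = hashlib.sha1(issuer_entity_id.encode()).digest()
    handle = handle or os.urandom(20)
    raw = struct.pack(">HH", TYPE_CODE, endpoint_index) + source_id + handle
    return base64.b64encode(raw).decode()

def parse_artifact(b64):
    raw = base64.b64decode(b64, validate=True)
    if len(raw) != 44:
        raise ValueError("type 0x0004 artifact must be 44 bytes")
    type_code, endpoint_index = struct.unpack(">HH", raw[:4])
    if type_code != TYPE_CODE:
        raise ValueError("unsupported artifact type")
    return endpoint_index, raw[4:24], raw[24:44]

class ArtifactStore:
    """Hypothetical per-node state: MessageHandle -> protocol message, single use."""
    def __init__(self, issuer_entity_id):
        self.issuer = issuer_entity_id
        self.source_id = hashlib.sha1(issuer_entity_id.encode()).digest()
        self._pending = {}

    def issue(self, response_xml, endpoint_index=0):
        artifact = make_artifact(self.issuer, endpoint_index)
        self._pending[parse_artifact(artifact)[2]] = response_xml
        return artifact

    def resolve(self, artifact):
        _, source_id, handle = parse_artifact(artifact)
        if source_id != self.source_id:
            return None  # artifact was minted by a different issuer
        return self._pending.pop(handle, None)  # pop: a handle resolves at most once

def demo():
    # Two cluster nodes of the same IdP with no shared artifact state.
    node_a, node_b = ArtifactStore(IDP), ArtifactStore(IDP)
    artifact = node_a.issue(RESPONSE)
    # Wrong node fails, issuing node succeeds, replay on the issuing node fails.
    return node_b.resolve(artifact), node_a.resolve(artifact), node_a.resolve(artifact)

if __name__ == "__main__":
    print(demo())
```

The first element of the result is the cluster problem: a resolution request that lands on a node which did not issue the artifact finds nothing unless the pending-message store is shared or requests are routed by handle.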
