El 12/02/13 17:07, Cantor, Scott escribió: > On 2/12/13 10:42 AM, "Bernard Aboba" <[email protected]> wrote: > >> Let me ask a potentially stupid question: >> >> Why can't we send a URL pointing to the {SAML Assertion, Certificate} >> instead of sending the data itself? > In addition to all of Alan's comments, there's the fact that you have to > secure the exchange over the URL, or punt and rely on artifact-style > short-lived references as a replacement for securing it. And probably sometimes, URL making use of HTTP+TLS negotiation could require more roundtrips than fragmented attributes. > -- Scott > > > _______________________________________________ > abfab mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/abfab
-- ---------------------------------------------------------------- Gabriel Lpez Milln Departamento de Ingeniera de la Informacin y las Comunicaciones University of Murcia Spain Tel: +34 868888504 Fax: +34 868884151 email: [email protected] _______________________________________________ abfab mailing list [email protected] https://www.ietf.org/mailman/listinfo/abfab
