
shibboleth-dev - Re: SAML Artifact attribute

Subject: Shibboleth Developers

  • From: "Tom Scavo" <>
  • To:
  • Subject: Re: SAML Artifact attribute
  • Date: Mon, 1 May 2006 12:18:29 -0400

On 5/1/06, Scott Cantor <> wrote:
> > We did some informal side-by-side testing of Artifact+push vs.
> > POST+query a while back, and found that the Artifact+push case was
> > noticeably faster for us. I suppose the amount of improvement probably
> > depends on the speed of the machines involved, though.
>
> It mainly depends on how you authenticate the callback and whether you sign
> for other uses. With signing, there will be little or no difference, in fact
> POST would be faster in most cases, just not by much.

Have you done experiments that suggest this is the case? It would
seem that moving data via the front channel (two hops, with a browser
in the middle) would be more costly in general. Indeed, from the time
the "we're redirecting you" message is displayed in the browser, there
is a one or two second delay before the final redirect. This implies
there is some overhead involved in consuming the assertion at the
browser and/or the assertion consumer service. Maybe most of that is
validating the signature at the ACS, I don't know. In any event, I
don't see how POST can be any better than Artifact even under the best
of circumstances.

Tom


