1.3.1 Query String Response Transfer Protocol

The scripting capability for forms submittal is not specified as part of HTTP [RFC2616]; consequently, not all web browser requestor implementations support forms submittal as recommended for wsignin1.0 responses in [MS-MWBF] section 2.1. In addition, the RequestSecurityTokenResponse (RSTR) can be too large to be transferred in a single HTTP GET message. The Query String Response Transfer Protocol addresses these issues by eliminating the web browser requestor requirement for scripting support.

When using the Query String Response Transfer Protocol, the wsignin1.0 message exchange in [MS-MWBF] is replaced by a series of wsignin1.0 message exchanges. In [MS-MWBF], the RSTR is transmitted using a single HTTP POST message. The Query String Response Transfer Protocol transmits the RSTR in pieces in query string parameters using multiple HTTP GET messages. The relying party accumulates the pieces from the responses in the series to produce an aggregated result. When the relying party has accumulated all the pieces, it extracts the RSTR from the aggregated result.