1 Introduction

This specification extends the Microsoft Web Browser Federated Sign-On Protocol described in [MS-MWBF]. It is assumed that the reader is familiar with its terms, concepts, and protocols.

The extensions defined in this specification enable web browser requestors that do not support scripting (to create POST messages) and enable passing security identifiers (SIDs) in Security Assertion Markup Language (SAML) 1.1 assertions. These extensions are referred to, respectively, as the Query String Response Transfer Protocol and the SAML 1.1 Assertion Extension.

The Microsoft Web Browser Federated Sign-On Protocol specifies the use of HTTP POST to transmit the wsignin1.0 result. The use of HTTP POST requires web browser requestors to support scripting for automated form submittal, but web browser requestors do not always have scripting support. The Query String Response Transfer Protocol provides a method for using a series of HTTP GET messages instead of a single HTTP POST to transmit the result of a wsignin1.0 action. This eliminates the scripting requirement for the web browser requestor. That is, the extension increases the number of messages needed to perform a wsignin1.0 action to avoid the POST message.

The SAML 1.1 Assertion Extension is an extension of the Microsoft Web Browser Federated Sign-On Protocol that specifies a method for transmitting SIDs as elements in SAML advice.

Sections 1.5, 1.8, 1.9, 2, and 3 of this specification are normative. All other sections and examples in this specification are informative.