• An artifact is small. Sometimes the actual data is too large, so you send an artifact instead.
– Example: recall the Web Browser SSO profile; CarRentalInc sent an AuthnRequest (encoded) on the URL as a query parameter; URLs have a size limit; if the AuthnRequest was too large then you may opt to use an artifact.
• Oftentimes the security information is exchanged via an intermediary browser. By using an artifact you put less data at risk of being exposed.
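To make the size argument concrete, the following added example (not part of the original slides) encodes an AuthnRequest the way the HTTP-Redirect binding does and compares its query-string length with a SAML 2.0 type 0x0004 artifact, which is always 44 bytes and carries only a reference to the message. The entity ID, the `x:Bulk` extension element and the 2048-character URL budget are constructed assumptions.

```python
import base64, hashlib, secrets, struct, zlib
from urllib.parse import quote

SP_ENTITY_ID = "https://sp.carrentalinc.example/saml"  # constructed entity ID
ASSUMED_URL_LIMIT = 2048  # assumption: a conservative URL length budget

def build_authn_request(extra_bytes=0):
    """Constructed AuthnRequest; random extra_bytes stand in for bulky content."""
    bulk = base64.b64encode(secrets.token_bytes(extra_bytes)).decode()
    return (
        '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
        f'ID="_{secrets.token_hex(16)}" Version="2.0" '
        'IssueInstant="2024-01-01T00:00:00Z">'
        f'<saml:Issuer>{SP_ENTITY_ID}</saml:Issuer>'
        f'<samlp:Extensions><x:Bulk xmlns:x="urn:example:bulk">{bulk}</x:Bulk>'
        '</samlp:Extensions></samlp:AuthnRequest>'
    ).encode()

def redirect_param(xml):
    """HTTP-Redirect encoding: raw DEFLATE, then base64, then URL-encoding."""
    c = zlib.compressobj(9, zlib.DEFLATED, -15)  # -15 = raw DEFLATE, no zlib header
    return quote(base64.b64encode(c.compress(xml) + c.flush()).decode(), safe="")

def make_artifact(entity_id, endpoint_index=0):
    """Type 0x0004: TypeCode(2) | EndpointIndex(2) | SourceID(20) | MessageHandle(20)."""
    source_id = hashlib.sha1(entity_id.encode()).digest()  # identifies the issuer
    handle = secrets.token_bytes(20)  # random reference to the stored message
    raw = struct.pack(">HH", 0x0004, endpoint_index) + source_id + handle
    return base64.b64encode(raw).decode()

def parse_artifact(artifact):
    """Receiver side: reject anything that is not a well-formed type 0x0004 artifact."""
    raw = base64.b64decode(artifact, validate=True)
    if len(raw) != 44:
        raise ValueError("type 0x0004 artifact must be exactly 44 bytes")
    type_code, index = struct.unpack(">HH", raw[:4])
    if type_code != 0x0004:
        raise ValueError("unsupported artifact type")
    return {"endpoint_index": index, "source_id": raw[4:24], "message_handle": raw[24:]}

def compare(extra_bytes):
    """Return (SAMLRequest query length, SAMLart query length) for one request."""
    req = redirect_param(build_authn_request(extra_bytes))
    art = quote(make_artifact(SP_ENTITY_ID), safe="")
    return len("SAMLRequest=" + req), len("SAMLart=" + art)

if __name__ == "__main__":
    for n in (0, 4096):
        print(n, compare(n), "limit:", ASSUMED_URL_LIMIT)
```

The artifact length stays constant however large the request grows, and the only data that passes through the browser is the issuer hash and a random handle.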