[xmlsec] XPATH and Visa 3D-secure specification

Jesse Pelton jsp at PKC.com
Thu Sep 25 04:58:36 PDT 2003

Your quote from Visa's response shows your reference to the DSig spec.  Did
you also point out to them the ID validity constraint?  If not, maybe you
should; I'm not sure I'd assume they're familiar with XML basics.

It really would be best if they'd just produce documents that conform to the
specs, rather than forcing others to adopt their broken conventions.
Standards aren't useful if they're not followed (especially by large
entities like Visa).

As for the configuration question, I don't think you should be running "sh
configure" at all.  Have you read and followed the directions in

> -----Original Message-----
> From: Slava Kostin [mailto:sk_home at mail333.com] 
> Sent: Thursday, September 25, 2003 6:13 AM
> To: xmlsec at aleksey.com
> Subject: [xmlsec] XPATH and Visa 3D-secure specification
> Good afternoon, dear professionals!
> I have a question which might be boring to all forum readers. But I
> have to ask it ones more.
> In Visa 3D-secure DTD attribute "id" of tag <PARes> declared as
> Such declaration (using CDATA) does not allow to reference to element
> <PARes> from within attribute "URI" of tag <Reference>, defined in
> xmldsig-core (http://www.w3.org/TR/2001/CR-xmldsig-core-20010419).  
> Because of that reason I have to use DTD which defines attribute id
> like this: 
> But Visa sends attribute id containing digital symbols only. This is
> not correct from the point of view of XML and XPATH specifications
> (http://www.w3.org/TR/REC-xml#sec-attribute-types).
> And this is an answer from Visa experts on my question:
> ===
> "Such declaration (using CDATA) does not allow to reference to element
> <PARes> from within attribute "URI" of tag <Reference>, defined
> in>xmldsig-core (http://www.w3.org/TR/2001/CR-xmldsig-core-20010419)."
>     Looking at the xmldsig-core, we do not see any assertion of the
> above statement. Our guess is that the above reference 
> processing model
> is prevented by XPATH. However, the CTH and the core 3DSecure
> specifications do not support XPATH processing.
> ===
> May be you have any ideas about how to sign and verify documents
> declaring "id"-attribute as CDATA or how to work around XPATH
> constraints (or may be even how to work without XPATH)?
> One of the ways is to "patch" libxml2 by myself to make it work with
> ID's "differently". I don't like such decision but possibly I'll have
> to do that. So, may be you can help me to make such patch without
> terrible side-effects? Aleksey told me he had made such patch and it
> has to be somewhere in libxml2 forum in march-april of 2003... It is
> shameful, but I can't find those patch. Can somebody repost those
> patch in forum or to my private mail?
> And also I want to wander from the subject a little. Can you help me
> to compile libxml2 under Win32 using MS Visual C++ 6.0 compiler
> (Microsoft (R) 32-bit C/C++ Optimizing Compiler Version 12.00.8804 for
> 80x86)? During the running "sh configure" there's an error occured:
> "configure: error: no acceptable ld found in $PATH". But I have no ld
> under Windows. Can you help me?
> Sorry for the lame questions :-)
> -- 
> Best regards,
>  Slava                          mailto:sk_home at mail333.com
> _______________________________________________
> xmlsec mailing list
> xmlsec at aleksey.com
> http://www.aleksey.com/mailman/listinfo/xmlsec

More information about the xmlsec mailing list