[xmlsec] XPATH and Visa 3D-secure specification
rsalz at datapower.com
Thu Sep 25 07:38:27 PDT 2003
Are they doing something like this?
and then later on doing
Then according to the last paragraph of section 188.8.131.52, the PARes id
attribute *must* be an XML ID.
The language is a little obscure, but if you read 184.108.40.206 and 220.127.116.11
carefully, you will see that if dsig:Reference/@URI has a "#", then it
is taken as a "barename XPointer". Which means that it can only refer
to something that is a legal XML ID attribute. This is XPointer, not XPath.
VISA is non-conformant; the visa:PARes/@id attribute MUST be of type ID,
and must conform to the syntax requirements of ID's.
Rich Salz, Chief Security Architect
DataPower Technology http://www.datapower.com
XS40 XML Security Gateway http://www.datapower.com/products/xs40.html
XML Security Overview http://www.datapower.com/xmldev/xmlsecurity.html
More information about the xmlsec