[xmlsec] XPATH and Visa 3D-secure specification
jsp at PKC.com
Thu Sep 25 08:06:53 PDT 2003
I think that's the core question: does the Visa spec call for handling their
CDATA "id" attribute as if it were an ID? I don't know anything about the
spec, except that it causes this question to arise periodically
(occasionally inducing me to rant). Slava, can you point to it, or excerpt
> -----Original Message-----
> From: Rich Salz [mailto:rsalz at datapower.com]
> Sent: Thursday, September 25, 2003 10:38 AM
> To: Slava Kostin
> Cc: xmlsec at aleksey.com
> Subject: Re: [xmlsec] XPATH and Visa 3D-secure specification
> Are they doing something like this?
> <visa:PARes id="...">
> and then later on doing
> <ds:Reference URI="#..."
> Then according to the last paragraph of section 18.104.22.168, the PARes id
> attribute *must* be an XML ID.
> The language is a little obscure, but if you read 22.214.171.124 and 126.96.36.199
> carefully, you will see that if dsig:Reference/@URI has a
> "#", then it
> is taken as a "barename XPointer". Which means that it can
> only refer
> to something that is a legal XML ID attribute. This is
> XPointer, not XPath.
> VISA is non-conformant; the visa:PARes/@id attribute MUST be
> of type ID,
> and must conform to the syntax requirements of ID's.
More information about the xmlsec