[xmlsec] XPATH and Visa 3D-secure specification

Aleksey Sanin aleksey at aleksey.com
Thu Sep 25 08:34:41 PDT 2003 

Well, this is not quite true. I looked into this question and there is a 
clause in XPointer
spec that allows this:
       http://www.w3.org/TR/xptr-framework/#shorthand

      A shorthand pointer, formerly known as a barename, consists of an 
NCName alone. It identifies
     at most one element in the resource's information set; 
specifically, the first one (if any) in document
     order that has a matching NCName as an identifier. The identifiers 
of an element are determined
     as follows:

   1.

      If an element information item has an attribute information item
      among its *[attributes]* that
      is a schema-determined ID, then it is identified by the value of
      that attribute information item's
      *[schema normalized value]* property;

   2.

      If an element information item has an element information item
      among its *[children]* that is
      a schema-determined ID, then it is identified by the value of that
      element information item's
      *[schema normalized value]* property;

   3.

      If an element information item has an attribute information item
      among its *[attributes]* that is
      a DTD-determined ID, then it is identified by the value of that
      attribute information item's
      *[normalized value]* property.

   4.

      An element information item may also be identified by an
      externally-determined ID value.

    ....

    [Definition: An *externally-determined ID* is a string, representing 
an element identifier, whose value is
    determined by the application through mechanisms outside the scope 
of this specification.]


Note option 4) and definition for it :( Of course, this is not 
interoperable solution. But when I had
a private chat about that with one Visa3D guys he basically said that 
the system they use internally
has no problems thus they don't care.

It's sucks but I don't see any option other than hacking LibXML2. Of 
course, this is a worst idea
one can ever imagine but that's all I have.


Aleksey



Rich Salz wrote:

>> <PARes id="ABC/D+">
>> ....
>> </PARes><Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
>> ....
>> <Reference URI="#ABC/D+">
>
>
> This is not conformant with the XML DSIG spec and XPath has nothing to 
> do with it.  See sections 4.3.3.2 and 4.3.3.3; in particular, the 
> final example in 4.3.3.2 and the following quote from the start of 
> 4.3.3.3
>      In a fragment URI, the characters are the number sign
>      ('#') character conform to the XPointer syntax.
>
> If you follow the link in the XML DSIG spec, you are redirected to a 
> newer W3C document, (the XPointer framework) which explains that this 
> must refer to an XML ID.
>
>     /r$

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.aleksey.com/pipermail/xmlsec/attachments/20030925/c0916e48/attachment.htm

More information about the xmlsec mailing list