[xmlsec] XPATH and Visa 3D-secure specification

Jesse Pelton jsp at PKC.com
Thu Sep 25 09:02:51 PDT 2003

But it isn't working for anyone but Visa!  They're forcing other people to
work around their mistakes.

They clearly don't have much motivation to fix the problem.  Did you get the
sense that they have some motivation NOT to fix it?  Presumably issuing a
new DTD or schema would require them to implement processors that would
handle existing broken documents with the old DTD and new, correct documents
that have the new DTD.  Maybe they don't want to invest the resources, since
it isn't causing them any pain.

They ought to understand that failure to fix the problem will slow
development of software that supports their standard, and whatever software
gets developed will be more complex (and therefore less reliable) than it
needs to be, because it'll have "special case" logic.

Note that Aleksey's discovery of the externally-determined ID escape clause
in XPointer doesn't affect this argument.  Even if what they're doing is
legal, it unnecessarily requires additional, non-standard code.

> -----Original Message-----
> From: Jacek Nowacki [mailto:jacekn at polcard.com.pl] 
> Sent: Thursday, September 25, 2003 11:43 AM
> To: xmlsec at aleksey.com
> Subject: Re: [xmlsec] XPATH and Visa 3D-secure specification
> > What I don't get now is 1) why they don't recognize their 
> error and 2) how
> > they've gotten this far without correcting it.  Maybe they 
> just think
> > they're too big to be wrong.  Has anybody other than Slava tried to
> > straighten them out?
> Yes, I have sent a question to them about this about a week 
> ago, after Mr Sanin has responded to my question on this 
> mailing list (thread "Reference URI: ID vs CDATA"). Visa have 
> responded that they agree that it would be better if their 
> specs define this attribute as "ID" from the beginning. But 
> they decided not to change it, because they see that 
> everything is working in practice. 

More information about the xmlsec mailing list