[xmlsec] XPATH and Visa 3D-secure specification
aleksey at aleksey.com
Thu Sep 25 09:43:18 PDT 2003
> It sucks but I don't see any option other than hacking LibXML2. Of
> course, this is the worst idea one can ever imagine but that's all I have.

I had some time to think about that while I was driving to work and
probably there is a better option. If someone is interested in
investigating/implementing it then don't forget that contributions are
welcome :)

So, why do we have this problem? There are a few reasons:
0) Visa protocol does not declare id attribute as ID in DTD/schemas.
1) Visa sends out id attributes in the random string form (I guess the
   programmer just wrote code to produce id's using rand() and base64()
   functions :) ).
2) If id attribute is declared as ID in DTD/schema then LibXML2
   validity of this attribute.
3) LibXML2 XPointer (XPath) functions do not like when id attribute
   a digit (libxml2 thinks that this is a number) or has '+' inside
   (libxml2 thinks that someone is trying to add something to something).
4) xmlsec uses XPointer (XPath) to resolve "#ID" URIs.

It does not sound like we can change 0) or 1). And we don't like an
option of changing 2) or 3). Thus let's explore if we can change 4).

LibXML2 keeps a list of ID attributes internally (xmlGetID/xmlAddID).
Thus one who wants to resolve ID attributes "by hand" can do it. The
only thing is that you
- Change xmlsec code to understand that "#ID" is not "#xpointer(...)"
  or "#xmlns(...)" (and probably, not something like "#something(...)"
  in general) and if it is the case, call xmlGetID() instead of
  XPointer functions.
- Do register the functions IDs in LibXML2 manually (xmlAddID).

This is a hack. For example, I would not expect this to ever work with
the xmlsec command line tool (remember that you need to call xmlAddID
manually because of item 2) above). I don't like it at all. But Visa3D
is an important use case. Thus I think that it's acceptable to have this
hack in xmlsec. As I wrote before, if anyone is interested, feel free to
submit a patch. Search for "xpointer" in the "src/transform.c" file.
There is only one function that needs to be changed in xmlsec.
If you do it then please put a comment there explaining why it was
decided to use xmlGetID directly instead of using xpointers.

With best regards,
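
The first step proposed in the message (telling a bare "#ID" reference apart from "#xpointer(...)", "#xmlns(...)" or "#something(...)") can be sketched as below. This is an added example, not part of the original message and not xmlsec's code; the names ref_kind and classify_ref and the sample URIs are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical names; this is an illustration, not xmlsec's own code. */
typedef enum {
    REF_EXTERNAL,   /* does not start with '#': not a same-document reference */
    REF_WHOLE_DOC,  /* "" or "#": the whole document */
    REF_BARE_ID,    /* "#ID": look up with xmlGetID(), no XPointer evaluation */
    REF_POINTER     /* "#xpointer(...)", "#xmlns(...)", "#something(...)" */
} ref_kind;

/* Classify a Reference URI. For REF_BARE_ID, *id points at the ID text. */
ref_kind classify_ref(const char *uri, const char **id) {
    const char *frag, *open;
    size_t len;

    *id = NULL;
    if (uri == NULL || uri[0] == '\0') return REF_WHOLE_DOC;
    if (uri[0] != '#') return REF_EXTERNAL;
    frag = uri + 1;
    len = strlen(frag);
    if (len == 0) return REF_WHOLE_DOC;

    /* Scheme-based pointer: name '(' ... ')'. Base64 output uses only
       A-Z a-z 0-9 + / =, so a random base64 id never has this shape. */
    open = strchr(frag, '(');
    if (open != NULL && open > frag && frag[len - 1] == ')') return REF_POINTER;

    /* Passed on verbatim: a leading digit or '+' is plain data here,
       because nothing parses the value as an expression. */
    *id = frag;
    return REF_BARE_ID;
}

int main(void) {
    /* Constructed sample URIs, not taken from real 3-D Secure messages. */
    const char *samples[] = { "#7aB+x/Q9kZ0=", "#xpointer(id('a'))",
                              "#xmlns(a=b)", "", "doc.xml" };
    const char *id;
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        ref_kind k = classify_ref(samples[i], &id);
        printf("%-20s -> kind %d, id %s\n", samples[i], (int)k,
               id ? id : "(none)");
    }
    return 0;
}
```

For REF_BARE_ID the caller would pass the returned string to xmlGetID(), which only finds attributes that were registered beforehand, for example with xmlAddID() as the message describes.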