[xmlsec] XPATH and Visa 3D-secure specification

Jesse Pelton jsp@PKC.com
Thu, 25 Sep 2003 07:58:36 -0400


Your quote from Visa's response shows your reference to the DSig spec.  Did
you also point out to them the ID validity constraint?  If not, maybe you
should; I'm not sure I'd assume they're familiar with XML basics.

It really would be best if they'd just produce documents that conform to the
specs, rather than forcing others to adopt their broken conventions.
Standards aren't useful if they're not followed (especially by large
entities like Visa).

As for the configuration question, I don't think you should be running "sh
configure" at all.  Have you read and followed the directions in
win32\readme.txt?

> -----Original Message-----
> From: Slava Kostin [mailto:sk_home@mail333.com] 
> Sent: Thursday, September 25, 2003 6:13 AM
> To: xmlsec@aleksey.com
> Subject: [xmlsec] XPATH and Visa 3D-secure specification
> 
> 
> Good afternoon, dear professionals!
> 
> I have a question which might be boring to all forum readers. But I
> have to ask it ones more.
> 
> In Visa 3D-secure DTD attribute "id" of tag <PARes> declared as
> <!ATTLIST PARes id CDATA #REQUIRED>
> 
> Such declaration (using CDATA) does not allow to reference to element
> <PARes> from within attribute "URI" of tag <Reference>, defined in
> xmldsig-core (http://www.w3.org/TR/2001/CR-xmldsig-core-20010419).  
> 
> Because of that reason I have to use DTD which defines attribute id
> like this: 
> <!ATTLIST PARes id ID #REQUIRED>
> 
> But Visa sends attribute id containing digital symbols only. This is
> not correct from the point of view of XML and XPATH specifications
> (http://www.w3.org/TR/REC-xml#sec-attribute-types).
> 
> And this is an answer from Visa experts on my question:
> 
> ===
> "Such declaration (using CDATA) does not allow to reference to element
> <PARes> from within attribute "URI" of tag <Reference>, defined
> in>xmldsig-core (http://www.w3.org/TR/2001/CR-xmldsig-core-20010419)."
> 
>     Looking at the xmldsig-core, we do not see any assertion of the
> above statement. Our guess is that the above reference 
> processing model
> is prevented by XPATH. However, the CTH and the core 3DSecure
> specifications do not support XPATH processing.
> ===
> 
> May be you have any ideas about how to sign and verify documents
> declaring "id"-attribute as CDATA or how to work around XPATH
> constraints (or may be even how to work without XPATH)?
> 
> One of the ways is to "patch" libxml2 by myself to make it work with
> ID's "differently". I don't like such decision but possibly I'll have
> to do that. So, may be you can help me to make such patch without
> terrible side-effects? Aleksey told me he had made such patch and it
> has to be somewhere in libxml2 forum in march-april of 2003... It is
> shameful, but I can't find those patch. Can somebody repost those
> patch in forum or to my private mail?
> 
> And also I want to wander from the subject a little. Can you help me
> to compile libxml2 under Win32 using MS Visual C++ 6.0 compiler
> (Microsoft (R) 32-bit C/C++ Optimizing Compiler Version 12.00.8804 for
> 80x86)? During the running "sh configure" there's an error occured:
> "configure: error: no acceptable ld found in $PATH". But I have no ld
> under Windows. Can you help me?
> 
> Sorry for the lame questions :-)
> 
> -- 
> Best regards,
>  Slava                          mailto:sk_home@mail333.com
> 
> _______________________________________________
> xmlsec mailing list
> xmlsec@aleksey.com
> http://www.aleksey.com/mailman/listinfo/xmlsec
>