[xmlsec] XPATH and Visa 3D-secure specification
Rich Salz
rsalz@datapower.com
Thu, 25 Sep 2003 10:38:27 -0400
Are they doing something like this?
<visa:PARes id="...">
and then later on doing
<ds:Reference URI="#..."
Then according to the last paragraph of section 4.3.3.2, the PARes id
attribute *must* be an XML ID.
The language is a little obscure, but if you read 4.3.3.2 and 4.3.3.3
carefully, you will see that if dsig:Reference/@URI has a "#", then it
is taken as a "barename XPointer". Which means that it can only refer
to something that is a legal XML ID attribute. This is XPointer, not XPath.
VISA is non-conformant; the visa:PARes/@id attribute MUST be of type ID,
and must conform to the syntax requirements of ID's.
/r$
--
Rich Salz, Chief Security Architect
DataPower Technology http://www.datapower.com
XS40 XML Security Gateway http://www.datapower.com/products/xs40.html
XML Security Overview http://www.datapower.com/xmldev/xmlsecurity.html