[xmlsec] XPATH and Visa 3D-secure specification
Jesse Pelton
jsp@PKC.com
Thu, 25 Sep 2003 11:25:27 -0400
Right. I wasn't sure whether they were using the "id" as a Reference URI. I
now understand that they are, so they're out of compliance with the DSig
spec.
What I don't get now is 1) why they don't recognize their error and 2) how
they've gotten this far without correcting it. Maybe they just think
they're too big to be wrong. Has anybody other than Slava tried to
straighten them out?
> -----Original Message-----
> From: Rich Salz [mailto:rsalz@datapower.com]
> Sent: Thursday, September 25, 2003 11:15 AM
> To: Jesse Pelton
> Cc: Slava Kostin; xmlsec@aleksey.com
> Subject: Re: [xmlsec] XPATH and Visa 3D-secure specification
>
>
> > I think that's the core question: does the Visa spec call
> for handling their
> > CDATA "id" attribute as if it were an ID? I don't know
> anything about the
> > spec, except that it causes this question to arise periodically
> > (occasionally inducing me to rant). Slava, can you point
> to it, or excerpt
> > relevant sections?
>
> It doesn't matter; if they are using "URI=#..." in the
> Reference, then
> it must be an ID or they are not compliant with the DSIG spec.
> /r$