[xmlsec] XPATH and Visa 3D-secure specification
Rich Salz
rsalz at datapower.com
Thu Sep 25 08:22:51 PDT 2003
> <PARes id="ABC/D+">
> ....
> </PARes><Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
> ....
> <Reference URI="#ABC/D+">
This is not conformant with the XML DSIG spec and XPath has nothing to
do with it. See sections 4.3.3.2 and 4.3.3.3; in particular, the final
example in 4.3.3.2 and the following quote from the start of 4.3.3.3
In a fragment URI, the characters are the number sign
('#') character conform to the XPointer syntax.
If you follow the link in the XML DSIG spec, you are redirected to a
newer W3C document, (the XPointer framework) which explains that this
must refer to an XML ID.
/r$
--
Rich Salz, Chief Security Architect
DataPower Technology http://www.datapower.com
XS40 XML Security Gateway http://www.datapower.com/products/xs40.html
XML Security Overview http://www.datapower.com/xmldev/xmlsecurity.html
More information about the xmlsec
mailing list