[xmlsec] XPATH and Visa 3D-secure specification

Jesse Pelton jsp at PKC.com
Thu Sep 25 08:25:27 PDT 2003


Right. I wasn't sure whether they were using the "id" as a Reference URI.  I
now understand that they are, so they're out of compliance with the DSig
spec.

What I don't get now is 1) why they don't recognize their error and 2) how
they've gotten this far without correcting it.  Maybe they just think
they're too big to be wrong.  Has anybody other than Slava tried to
straighten them out?

> -----Original Message-----
> From: Rich Salz [mailto:rsalz at datapower.com] 
> Sent: Thursday, September 25, 2003 11:15 AM
> To: Jesse Pelton
> Cc: Slava Kostin; xmlsec at aleksey.com
> Subject: Re: [xmlsec] XPATH and Visa 3D-secure specification
> 
> 
> > I think that's the core question: does the Visa spec call 
> for handling their
> > CDATA "id" attribute as if it were an ID?  I don't know 
> anything about the
> > spec, except that it causes this question to arise periodically
> > (occasionally inducing me to rant).  Slava, can you point 
> to it, or excerpt
> > relevant sections?
> 
> It doesn't matter; if they are using "URI=#..." in the 
> Reference, then 
> it must be an ID or they are not compliant with the DSIG spec.
> 	/r$



More information about the xmlsec mailing list