Hmph. Visa's case, I guess, is that their "id" attribute is not an ID.
Sorry, I missed the first part of the thread. How is VISA referring to the not-quite ID attribute? It's okay to use XPointer, but if they're doing "#foo" where foo is one of their CDATA attributes, I don't think that's legal.
/r$
--
Rich Salz, Chief Security Architect
DataPower Technology http://www.datapower.com
XS40 XML Security Gateway http://www.datapower.com/products/xs40.html
XML Security Overview http://www.datapower.com/xmldev/xmlsecurity.html
_______________________________________________ xmlsec mailing list [EMAIL PROTECTED] http://www.aleksey.com/mailman/listinfo/xmlsec
