<visa:PARes id="...">
and then later on doing
<ds:Reference URI="#..."
Then according to the last paragraph of section 4.3.3.2, the PARes id attribute *must* be an XML ID.
The language is a little obscure, but if you read 4.3.3.2 and 4.3.3.3 carefully, you will see that if dsig:Reference/@URI has a "#", then it is taken as a "barename XPointer". Which means that it can only refer to something that is a legal XML ID attribute. This is XPointer, not XPath.
VISA is non-conformant; the visa:PARes/@id attribute MUST be of type ID, and must conform to the syntax requirements of ID's.
/r$
-- Rich Salz, Chief Security Architect DataPower Technology http://www.datapower.com XS40 XML Security Gateway http://www.datapower.com/products/xs40.html XML Security Overview http://www.datapower.com/xmldev/xmlsecurity.html
_______________________________________________ xmlsec mailing list [EMAIL PROTECTED] http://www.aleksey.com/mailman/listinfo/xmlsec
