I think that's the core question: does the Visa spec call for handling their CDATA "id" attribute as if it were an ID? I don't know anything about the spec, except that it causes this question to arise periodically (occasionally inducing me to rant). Slava, can you point to it, or excerpt relevant sections?
> -----Original Message----- > From: Rich Salz [mailto:[EMAIL PROTECTED] > Sent: Thursday, September 25, 2003 10:38 AM > To: Slava Kostin > Cc: [EMAIL PROTECTED] > Subject: Re: [xmlsec] XPATH and Visa 3D-secure specification > > > Are they doing something like this? > > <visa:PARes id="..."> > and then later on doing > <ds:Reference URI="#..." > Then according to the last paragraph of section 4.3.3.2, the PARes id > attribute *must* be an XML ID. > > The language is a little obscure, but if you read 4.3.3.2 and 4.3.3.3 > carefully, you will see that if dsig:Reference/@URI has a > "#", then it > is taken as a "barename XPointer". Which means that it can > only refer > to something that is a legal XML ID attribute. This is > XPointer, not XPath. > > VISA is non-conformant; the visa:PARes/@id attribute MUST be > of type ID, > and must conform to the syntax requirements of ID's. > /r$ _______________________________________________ xmlsec mailing list [EMAIL PROTECTED] http://www.aleksey.com/mailman/listinfo/xmlsec
