XML spec does not say that ID attribute should have name "Id". It can be anything (for example, I can have ID attribute with name like "ThisIsMyID"). The only way to identify the ID attribute is to mark it as such in DTD, XML Schema, or directly in application.
BTW, you might want to subscribe to xmlsec mailing list if you want to continue this discussion.
Best, Aleksey
Larry Bugbee wrote:
I did. ...but it didn't seem right and hence my note. I'm just trying to understand if indeed something needs fixing rather than a DTD workaround.
I didn't expect this issue to have a clean answer hence 'point/counterpoint'. One could even argue the W3C specification is incorrect. I'm inclined to think not, but who knows?
I believe an implementation of the W3C recommendation should not require the user to add a DTD simply to do same-document detached signatures. I haven't tested java or apache yet, but if what Andrew says is true, the DTD should not be necessary. A number of other programmers were expecting that to be the case given the postings I read.
What am I missing?
My thanks,
Larry
_______________________________________________ xmlsec mailing list [EMAIL PROTECTED] http://www.aleksey.com/mailman/listinfo/xmlsec
