On 10 May 2005, at 04:23, Antone Roundy wrote:
On Monday, May 9, 2005, at 07:52 PM, Eric Scheid wrote:
Yes, I acknowledged that a little after "why not?". So we have a tradeoff--greater permanence vs. greater resistance to spoofing. In my opinion, protection against spoofing is more valuable, in part because I expect most feed URIs to be stable enough that their changing won't be a significant issue. Also because things like the volume of SPAM that gets sent to me convince me that people WILL exploit atom:id's spoofability to DOS others' entries. I'm open to experience and reasoning to the contrary, but at this point, that's my position.rel="self" is in no way a substitute for an identifier
Why not?
the uri can change.
I am starting agree a little hesitantly with that position.
For either a feed or an entry there has to be a url that is used to DELETE, PUT, or GET it.
These actions being available automatically give clients a handle on the identity of the resource.
If the id is just a string to be shoved around with no means of verifying it in this way,
making it possible to be spoofed, then all trust in it will vanish and inevitably the role
of identity will go to whatever enables actions such as DELETE, PUT and GET.
Now perhaps in a p2p world it makes sense to GET a url such as <tag:example.org,2003:3.2397>
and so that our language is just being open to new protocols. (Can a P2P network allows PUTs
and DELETE on such a url?)
I say I am agreeing hesitantly, because the idea of having an id that would allow one to move
one's feed or entry from one server to another seems very appealing. But perhaps there will
be other methods of noting such a move that will be more effective. One such way would be
for the old moved url to send http redirects to the new one. One could also choose one's
blog service provider by asking for a contract where they agree to provide such a redirect on
all one's entries in case one wishes to move.
Henry
