On Feb 1, 2005, at 4:48 AM, Sam Ruby wrote:
Roy T. Fielding wrote:There is no reason to require any particular comparison algorithm. One application is going to compare them the same way every time. Two different applications may reach different conclusions about two equivalent identifiers, but nobody cares because AT WORST the result is a bit of inefficient use of storage.
It is worse than that. To give a concrete example: Radio Userland's aggregator will not present to you an item that you have seen before, no matter how different the current content is.
So, at worst, if two different feeds use the same id, then the first one received will eclipse all later ones. How does requiring a specific comparison algorithm change that? The goal should be different ids, not jumping through hoops to artificially differentiate between equivalent URIs.
Besides, I don't think that existing sites with obvious security holes should be used as an example for format requirements, unless said requirements are going to close those holes.
....Roy
