Reputation: 179
Why are Atom (RSS) id's globally unique, instead of locally?
I can't make sense of why the Atom spec requires every single entry to have a globally (the entire universe for all time) unique ID. I understand that it's technically possible, but aren't collisions still possible?
If not accidental, definitely malicious collisions could occur. I could choose a New York Times article, and give my spoof site article the same id in it's entry. Thus nullifying any function served, and possibly causing damage.
Why not just have a unique url of the feed, which is easy/safe because it's centrally confirmed by DNS, and then within each feed have locally unique IDs. It's in that author's best interest to maintain their own scheme of non-colliding IDs, and even if they do collide, it doesn't affect some other site's uniqueness.
Pls explain :)
Related question - if there's already a link field in every entry, why does the spec recommend (as one option) to use a link in the id field. Atom was supposed to fix these RSS inconsistencies :)
Upvotes: 2
Views: 770
Answers (2)
Reputation: 31087
Why not just have a unique url of the feed, which is easy/safe because it's centrally confirmed by DNS, and then within each feed have locally unique IDs.
This point was discussed during the Atom spec drafting, and using URLs as you suggest was a popular position. However, using separate IDs allows feeds and entries to move (for example, see How do you generate a good ID in ATOM documents?).
If you change your feed's base URL, you would need to either change all entry IDs or ensure that redirections from the old URLs were in place. This might be impossible if you no longer controlled the original site.
if there's already a
linkfield in everyentry, why does the spec recommend (as one option) to use alinkin the id field.
Exactly because, after a move, they would no longer match.
Any publisher that sees their URLs as permanent global identifiers is free to use them as IDs; in this way, the current spec aims to allow both behaviours.
If not accidental, definitely malicious collisions could occur.
In theory, this allows a feed reader to treat items that appear in multiple feeds as identical. In practise, I'm not aware of much software that trusts IDs to be global, leaving them effectively feed-level.
Upvotes: 1
Reputation: 5804
UUIDs provide a mechanism to have non-colliding, global identifiers; see RFC4122.
This allows different feeds (or authors) to talk about the same thing. It isn't a security measure, however; as you point out, people can assert something that isn't true.
Upvotes: 0
Related Questions
- Can an RSS guid be considered globally unique?
- Consuming Atom feeds: how does it work?
- What are ramifications of changing RSS item GUID or Atom entry id?
- Is the atom:id element unique per physical feed, or logical feed?
- Setting entry id with Rails' atom_feed helper
- How to handle non unique item GUIDs/IDs in an RSS feed?
- How do you generate a good ID in ATOM documents?
- Are RSS guids actually expected to be _globally_ unique?
- Google Reader's Feed Unique ID
- Can RSS GUIDs contain hashes?