
On Aug 31, Mark Morgan modulated:
I have to admit that I am confused as to what makes adding an abstract name to an EPR so much of a burden. I know that Andrew and I are talking about something very lightweight (perhaps just generating a GUID when the EPR is generated). So, in the technical sense, it's extra work that needs to be done, but in my mind it's far less onerous than writing good comments for your code and I think everyone would agree that the benefits of doing so far outweigh the burden. In this case, AbstractNames give a potentially huge benefit for a line or two of code. Why is this such a big deal?
-Mark
Mark:

In reflecting on this a bit, I personally would like to hear comments from the security crowd. It sounds like the main difference in having this GUID is, as I tried to summarize earlier, that someone can compare EPRs or otherwise reason about service identities without consulting the referenced service.

What are the ramifications for security and system stability? What happens if someone uses a poor implementation or maliciously puts GUIDs into EPRs such that they alias other services? Do we have signature validation for EPRs? I guess this depends on the "culture" that would emerge around consumption and use of these GUIDs...

I wonder if there are unspoken architectural assumptions here that are at the heart of the debate?

karl

--
Karl Czajkowski
karlcz@univa.com