- From: Erik Wilde <notifications@github.com>
- Date: Thu, 21 Apr 2016 17:07:00 -0700
- To: w3c/browser-payment-api <browser-payment-api@noreply.github.com>
- Cc:
- Message-ID: <w3c/browser-payment-api/issues/150/213166989@github.com>
On 2016-04-21 14:27, ianbjacobs wrote: > @dret <https://github.com/dret>, > My personal view is that: > * the primary computation on these identifiers will be equivalence > testing. very good. that's what identifiers are for. > * it is useful to ALSO be able to dereference them. I have tried to > make the case for using URIs and dereferencing them to get the > relevant payment method specification. I have not converted many people. one of my hobbies is to preach about the difference between identifiers and locators. conflating these concepts sometimes can be a bad idea. my view is that in this case, what you want is an identifier, and nothing more. *if* the spec uses URIs are the identifier namespace, then nothing keeps people from using HTTP URIs, but personally, if i minted such an identifier, i'd use a URN, making clear that's it's just an identifier, and then would publish a spec that defines that URN. > @adrianba <https://github.com/adrianba> and perhaps others have cited > the risk of high-volume (and likely unnecessary) dereferencing. yup. and the question is what it buys you. if, as @adrianba pointed out, it is highly unlikely that the URI dereferences to something that allows a client to on-the-fly learn new payment schemes, then all a HTTP URI buys you is a potential DDOS problem that if it goes dark very well may take a substantial share of badly implemented clients down with it that depend on the URI actually responding. that's quite a high risk for not that much reward. --- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/w3c/browser-payment-api/issues/150#issuecomment-213166989
Received on Friday, 22 April 2016 00:07:30 UTC