[Zope-CMF] Re: cmfuid

Chris McDonough chrism at plope.com
Tue Nov 23 19:52:06 EST 2004 

On Tue, 2004-11-23 at 18:19, Tim Hoffman wrote:
> HI Chris
> 
> 
> > Maybe, I guess it depends how complex you wanted to make the tool.  I
> > have no intrinsic love for UUIDs.  I don't need or necessarily want the
> > default uid tool to generate UUIDs (I can subclass the tool if I want to
> > do this).  It's fine if it just generates integer ids if that's simplest
> > for everybody else.
> 
> Something I have been trying to work out, is why the dislike for 
> UUID styles uid's.  Also do uuid's need to be universally unique
> or just unique within a site or a set of sites?

I think the common definition of UUID is "universally unique id", where
"universe" is supposedly all systems across all time.  I think this is
impossible without some centralized registry but people (namely,
Microsoft and the DAV folks who are using UUIDs in production)
apparently seem to think that relying on probability is ok for most
things.

The current CMFUid implementation does not try to generate uids with
that definition of "universe" (its "universe" is that Zope instance
only).  So they are not "UUIDs".

I don't understand the resistance to UUID-format ids either.  Maybe the
resistance is related to probalistic generation of uids ("Version 4"
UUIDs in the spec are meant to be generated completely randomly;
"Version 1" UUIDs use time, mac address, and so forth, which is still
probabilistic but not so much as Version 4).   Or maybe it's the format
of them being 128 bits, formatted to hex, with some dashes separating
various parts of the id.  Maybe both?

> I have been using our own home grown uid tool, and uids in CMF for about 2 years
> with quite a bit of success. We used the following elements to construct
> the id's which where SHA based.
> 
> time + random num + path of object + client IP + server IP + instance path
> 
> Whilst it's possible that the someone else might be able to generate the same string to put
> into sha, within the set of machines we run/manage it is pretty well impossible, which
> is all we where worried about.  

Yup.  Note that the browser id manager in Zope uses a different set of
data input but also generates "unique ids generator".  These ids have
the format:

    'AAAAAAAABBBBBBBB'
    where:

    A == leading-0-padded 8-char string-rep'd random integer
    B == modified base64-encoded 11-char timestamp (precise to
         clock resolution of platform)

There haven't been a rash of bug reports related to this unique id
algorithm, so I assume it's working ok at least for browser ids.

- C

More information about the Zope-CMF mailing list