Regarding association of the reference with the actual file, Jon
Postel mentioned an interesting point. Heretofore, when someone sent
you a piece of e-mail, it was complete in its own right. It was
archivable. That is, you could file it away in whatever file system
you trusted, and you could be assured that you could retrieve it
later.
With external references, you're dependent on the lifetime and
integrity of the external store. Unless you actually retrieve the
file, there's not much to be said about the lifetime of the store, but
there is something to be said about the integrity.
How about associating a has with each external reference? Simply
compute the MD5 (or any similar) hash on the file and include it in
the reference. The hash will also serve as a handle for the file and
make it easy to associate the reference with its contents. Worried
about duplicate hashes? Don't be. If duplicates were a problem, the
hash wouldn't be worth much. The "birthday problem" asks how large a
group needs to be before there's a 50% chance that at least two
members of the group have the same birthday. Birthdays are a sample
space of 365 (or 366), and the group size for a 50% probability of
collision is only about 23. How does this cale up up? The 50% point
is about 1.17 * sqrt(N). MD5 is 128 bits long, so a collection of
slightly more than 2^64 samples is needed to reach the 50% for a
collision. This is a lot of files. If this doesn't seem safe enough,
use a longer hash.
Steve