Comments on: RSS and Authentication http://www.rassoc.com/gregr/weblog/2003/08/10/rss-and-authentication/ Musings on just about everything. Thu, 28 Aug 2008 04:04:00 +0000 http://wordpress.org/?v=2.6 By: Vitriol » Blackboard Secure RSS http://www.rassoc.com/gregr/weblog/2003/08/10/rss-and-authentication/#comment-746 Vitriol » Blackboard Secure RSS Wed, 04 Oct 2006 11:16:56 +0000 http://www.gregrphoto.com/rassoc/gregr/weblog/2003/08/10/rss-and-authentication/#comment-746 Pingback Pingback

]]> By: Quickfinch: The Blog http://www.rassoc.com/gregr/weblog/2003/08/10/rss-and-authentication/#comment-745 Quickfinch: The Blog Wed, 24 May 2006 03:59:06 +0000 http://www.gregrphoto.com/rassoc/gregr/weblog/2003/08/10/rss-and-authentication/#comment-745 Pingback Pingback

]]> By: Greg Reinacker http://www.rassoc.com/gregr/weblog/2003/08/10/rss-and-authentication/#comment-744 Greg Reinacker Thu, 02 Sep 2004 05:50:21 +0000 http://www.gregrphoto.com/rassoc/gregr/weblog/2003/08/10/rss-and-authentication/#comment-744 Steve, shoot a note over to support at newsgator.com with what you're seeing, and we'll be able to get you fixed up. Steve, shoot a note over to support at newsgator.com with what you’re seeing, and we’ll be able to get you fixed up.

]]> By: Steve http://www.rassoc.com/gregr/weblog/2003/08/10/rss-and-authentication/#comment-743 Steve Wed, 01 Sep 2004 20:00:38 +0000 http://www.gregrphoto.com/rassoc/gregr/weblog/2003/08/10/rss-and-authentication/#comment-743 I use newsgator and setup autheticated access to by blog, blogware hosted. This has secure categories. When I access, (authenticated), using the browser everything is fine, I see <br> <br>http://steves.businessblog.com/blog/Secure/AlternativeDesktop/index.xml <br> <br>when I access via newsgator I see <br> <br>http://steves.businessblog.com/blog/index.xml <br> <br>which implies my credentials are not being provided. I use newsgator and setup autheticated access to by blog, blogware hosted. This has secure categories. When I access, (authenticated), using the browser everything is fine, I see

http://steves.businessblog.com/blog/Secure/AlternativeDesktop/index.xml

when I access via newsgator I see

http://steves.businessblog.com/blog/index.xml

which implies my credentials are not being provided.

]]> By: Bill French http://www.rassoc.com/gregr/weblog/2003/08/10/rss-and-authentication/#comment-742 Bill French Sun, 17 Aug 2003 20:25:34 +0000 http://www.gregrphoto.com/rassoc/gregr/weblog/2003/08/10/rss-and-authentication/#comment-742 Erik raises an important issue that's a bit deeper than most people realize. Using HTTP authentication is but one dimension of a complex requirement. <br> <br>In our experience, enterprises are asking for RSS to be delivered in a security context, not just securely. What this means is that given a specific individuals permissions, what items in an RSS feed are they able to see and/or read. This is very similar to search within a security context - where just the _knowing_ that there is a document in the system entitled "Layoff's 2003" is in fact a security violation even though the user couldn't read it. <br> <br>When it comes to the simple act of blogging in a secure manner, we have already experienced requests for single blogs (channels) to publish items based on user permissions. In fact, I use this model to blog to 15 consulting clients, each of which see a secure collection of content that is targeted specifically for their interests but is accomplished in one weblog (channel). There are many benefits to this approach - one is the ability to reuse some items on multiple clients without any additional effort. <br> <br>RSS is about to face some stringent tests as enterprises launch blog initiatives, and the engines that generate the feeds will have to come up to speed in terms of a granular (object/item-level) permissions model. The MyST platform already provides this (and much more for larger businesses). ;-) <br> <br>bf Erik raises an important issue that’s a bit deeper than most people realize. Using HTTP authentication is but one dimension of a complex requirement.

In our experience, enterprises are asking for RSS to be delivered in a security context, not just securely. What this means is that given a specific individuals permissions, what items in an RSS feed are they able to see and/or read. This is very similar to search within a security context - where just the _knowing_ that there is a document in the system entitled “Layoff’s 2003″ is in fact a security violation even though the user couldn’t read it.

When it comes to the simple act of blogging in a secure manner, we have already experienced requests for single blogs (channels) to publish items based on user permissions. In fact, I use this model to blog to 15 consulting clients, each of which see a secure collection of content that is targeted specifically for their interests but is accomplished in one weblog (channel). There are many benefits to this approach - one is the ability to reuse some items on multiple clients without any additional effort.

RSS is about to face some stringent tests as enterprises launch blog initiatives, and the engines that generate the feeds will have to come up to speed in terms of a granular (object/item-level) permissions model. The MyST platform already provides this (and much more for larger businesses). ;-)

bf

]]>