RSS and Authentication
August 10th, 2003 by gregr
I see the following kind of thing a lot, talking about authentication with RSS feeds:
[...] Right now, RSS is all anonymous and doesn’t care who you are. Does ATOM/ECHO/PIE have it in its specs for any sort of authentication, so a person could get customized content? Maybe an employee vs. a customer could get different content instead of having two different places a person would have to blog from. What about security? Sensative data…SSL? [Erik Porter]
What many folks seem to overlook is you can do all of this today. You can use HTTP authentication mechanisms, and many aggregators (including, of course, NewsGator) will support it. It’s being done every day, both on the internet and on corporate intranets. And SSL is also supported, if you need an encrypted connection.
This entry was posted on Sunday, August 10th, 2003 at 10:01 pm and is filed under Uncategorized. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.
August 17th, 2003 at 1:25 pm
Erik raises an important issue that’s a bit deeper than most people realize. Using HTTP authentication is but one dimension of a complex requirement.
In our experience, enterprises are asking for RSS to be delivered in a security context, not just securely. What this means is that given a specific individuals permissions, what items in an RSS feed are they able to see and/or read. This is very similar to search within a security context - where just the _knowing_ that there is a document in the system entitled “Layoff’s 2003″ is in fact a security violation even though the user couldn’t read it.
When it comes to the simple act of blogging in a secure manner, we have already experienced requests for single blogs (channels) to publish items based on user permissions. In fact, I use this model to blog to 15 consulting clients, each of which see a secure collection of content that is targeted specifically for their interests but is accomplished in one weblog (channel). There are many benefits to this approach - one is the ability to reuse some items on multiple clients without any additional effort.
RSS is about to face some stringent tests as enterprises launch blog initiatives, and the engines that generate the feeds will have to come up to speed in terms of a granular (object/item-level) permissions model. The MyST platform already provides this (and much more for larger businesses). ;-)
bf
September 1st, 2004 at 1:00 pm
I use newsgator and setup autheticated access to by blog, blogware hosted. This has secure categories. When I access, (authenticated), using the browser everything is fine, I see
http://steves.businessblog.com/blog/Secure/AlternativeDesktop/index.xml
when I access via newsgator I see
http://steves.businessblog.com/blog/index.xml
which implies my credentials are not being provided.
September 1st, 2004 at 10:50 pm
Steve, shoot a note over to support at newsgator.com with what you’re seeing, and we’ll be able to get you fixed up.
May 23rd, 2006 at 8:59 pm
Pingback
October 4th, 2006 at 4:16 am
Pingback