On Wed, 26 Jan 2005 09:48:24 -0500, Walter Lewis wrote:
> We had been kicking this around at a couple of points last year around
> here.  Could RSS, essentially a broadcast technology, be fit into a
> narrowcast mode, one feed per customer.  Given the challenges to email
> notification, I keep looking for alternatives. Here's a blog entry
> proposing it.
> My gut sense is that without an authentication layer this can't work ...
> but then we have authentication layers built into the ILS that *might*
> be leveraged.  Does anyone have any experience with this?

Portal systems generally have a "My Account" or "My Preferences" page
to which the user is brought after logging in.  This is one place to
consider putting a link to a personalized RSS or Atom feed.  Assuming
the form of the feed URL is not easily guessable, the only ways I can
see off the bat to discover an individual's feed would be to (1) log
in as that person to the My Account page, (2) induce that person to
tell you the URL, or (3) get access to that person's workstation.  Not
that this would be adequate security for all applications.  Most RSS
feeds are retrieved via HTTP--I wonder if any feed readers support
HTTP basic authentication, or HTTPS sessions?

It looks like the Atom folks are working on an Atom publishing
protocol that includes two security mechanisms: the existing HTTP
digest authentication and a planned but as yet not worked out CGI
authentication.[1]  The IETF draft for Atom also stipulates that Atom
clients and servers may support encryption of Atom sessions via TLS.

Chuck Bearden

[1] <>;
see section 3.7.
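
The unguessable per-user feed URL discussed in this thread, sketched in Python as an added example that is not code from the original messages. The class and function names, the `/feeds/<token>.xml` layout and the patron id are assumptions made for illustration.

```python
import hashlib
import re
import secrets

# Assumed URL layout: /feeds/<token>.xml, token = 43 base64url characters.
FEED_PATH = re.compile(r"/feeds/([A-Za-z0-9_-]{43})\.xml")


class FeedTokenStore:
    """Maps unguessable feed tokens to patron ids, storing only token hashes."""

    def __init__(self):
        self._patron_by_hash = {}
        self._hash_by_patron = {}

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode("ascii")).hexdigest()

    def issue(self, patron_id):
        """Create or rotate a patron's token; any previous token stops working."""
        old = self._hash_by_patron.pop(patron_id, None)
        if old is not None:
            del self._patron_by_hash[old]
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        digest = self._digest(token)
        self._patron_by_hash[digest] = patron_id
        self._hash_by_patron[patron_id] = digest
        return token

    def patron_for_path(self, path):
        """Return the patron id for a requested feed path, or None."""
        match = FEED_PATH.fullmatch(path)
        if match is None:
            return None
        return self._patron_by_hash.get(self._digest(match.group(1)))


def feed_path(token):
    return f"/feeds/{token}.xml"


if __name__ == "__main__":
    store = FeedTokenStore()
    first = store.issue("patron-1001")   # constructed patron id
    print(feed_path(first))
    second = store.issue("patron-1001")  # rotation, e.g. after a leaked URL
    print(store.patron_for_path(feed_path(first)),
          store.patron_for_path(feed_path(second)))
```

The token in the URL is the only credential here, so the feed would need to be served over TLS and the path kept out of shared logs for the "not easily guessable" assumption to hold.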