 |
 |
On Wed, 26 Jan 2005 09:48:24 -0500, Walter Lewis <[log in to unmask]> wrote: > We had been kicking this around at a couple of points last year around > here. Could RSS, essentially a broadcast technology, be fit into a > narrowcast mode, one feed per customer. Given that challenges to email > notification, I keep looking for alternatives. Here's a blog entry > proposing it. > > http://blogs.zdnet.com/BTL/index.php?p=960 > > My gut sense is that without an authentication layer this can't work ... > but then we have authentication layers built into the ILS that *might* > be leveraged. Does anyone have any experience with this? Portal systems generally have a "My Account" or "My Preferences" page to which the user is brought after logging in. This is one place to consider putting a link to a personalized RSS or Atom feed. Assuming the form of the feed URL is not easily guessible, the only ways I can see off the bat to discover an individual's feed would be to (1) log in as that person to the My Account page, (2) induce that person to tell you the URL, or (3) get access to that person's workstation. Not that this would be adequate security for all applications. Most RSS feeds are retrieved via HTTP--I wonder if any feed readers support HTTP basic authentication, or HTTPS sessions? It looks like the Atom folks are working on an Atom publishing protocol that includes two security mechanisms: the existing HTTP digest authentication and a planned but as yet not worked out CGI authentication.[1] The IETF draft for Atom also stipulates that Atom clients and servers may support encryption of Atom sessions via TLS. Chuck Bearden [1] <http://www.ietf.org/internet-drafts/draft-ietf-atompub-protocol-02.txt>; see section 3.7.