Re: [syndication] Authenticated Access to RSS
I agree with the general sentiment, but NOT the specifics. NTLM is
proprietary and breaks in some environments; use digest
authentication [1] instead.

If you want to tie encryption/authentication to the XML itself, take
a look at XML encryption [2]. Of course, someone can still republish
a decrypted feed, but if you want to protect against that, you're
really looking for DRM, which hasn't been standardized yet.

Cheers,

[1] http://rfc2617.x42.com/
[2] http://www.w3.org/Encryption/2001/

On Sat, Dec 15, 2001 at 09:13:55PM -0800, Dion Loy wrote:
> This doesn't and shouldn't require RSS-level support in the RSS spec.
> This is already done at the HTTP level. It would be relatively
> trivial for current RSS readers (if they don't already) to support
> HTTP authentication (base64 at the very least, maybe NTLM if they want
> to get fancy).
>
> Webservers really don't care what kind of stuff they serve up. If the
> directory is password protected, it will simply challenge for the
> authentication, HTML, XML, whatever.
>
> Saturday, December 15, 2001, 6:35:47 PM, you wrote:
>
> DK> Scott Loftensness and I were discussing something off-list, and it got me
> DK> thinking about how to provide authenticated access to syndication when using
> DK> a desktop RSS-reader such as Radio or Headline Viewer. Here's the challenge.
> DK> In an intranet environment, one can restrict access to RSS files at the
> DK> network layer. That is, using firewalls and VPNs one can control who can
> DK> reach the HTTP server that delivers the files.
>
> DK> But what about an extranet environment? Suppose you want to publish weblogs
> DK> and their associated RSS files, but restrict them to customers, vendors and
> DK> other partners? It's easy to use basic authentication (username/password) to
> DK> limit access to the HTML renderings of the weblogs, but what about the XML?
> DK> For instance, do any of the RSS viewers support authentication? Are there
> DK> any considerations within the various RSS specs themselves for
> DK> authentication? (They're just XML, so I imagine not.)
>
> DK> Any other suggestions on how one would handle this challenge?
>
> DK> (Cross-posted to http://blogbook.weblogger.com.)
>
> DK> ...doug
>
> DK> Doug Kaye
> DK> doug@rds.com
--
Mark Nottingham
http://www.mnot.net/
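
The difference between the two HTTP schemes discussed in this thread, as an added example that is not part of the original messages: Basic sends the password in reversible base64, while RFC 2617 digest sends an MD5 response bound to the server's nonce. The sample credentials and nonce are the example values from RFC 2617 section 3.5; the function names and the stored-HA1 server check are assumptions made for illustration.

```python
import base64
import hashlib
import hmac


def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def basic_header(username, password):
    # Basic: "user:password" is only base64-encoded, not protected.
    token = base64.b64encode(f"{username}:{password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")


def recover_basic_credentials(header):
    # Anyone who can read the request can reverse the encoding.
    scheme, token = header.split(" ", 1)
    if scheme.lower() != "basic":
        raise ValueError("not a Basic Authorization header")
    user, _, password = base64.b64decode(token).decode("utf-8").partition(":")
    return user, password


def digest_ha1(username, realm, password):
    # HA1 is what a server can store instead of the cleartext password.
    return md5_hex(f"{username}:{realm}:{password}")


def digest_response(ha1, method, uri, nonce, nc, cnonce, qop="auth"):
    # RFC 2617 section 3.2.2.1, qop=auth: the response covers the nonce,
    # the client nonce and counter, and the method and URI.
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


def server_accepts(stored_ha1, method, uri, nonce, nc, cnonce, response):
    # The server recomputes the response from its stored HA1 and the
    # nonce it issued; a response captured for another nonce fails.
    expected = digest_response(stored_ha1, method, uri, nonce, nc, cnonce)
    return hmac.compare_digest(expected, response)


# Example values from RFC 2617 section 3.5.
USER, REALM, PASSWORD = "Mufasa", "testrealm@host.com", "Circle Of Life"
NONCE = "dcd98b7102dd2f0e8b11d0f600bfb0c093"

if __name__ == "__main__":
    ha1 = digest_ha1(USER, REALM, PASSWORD)
    print(recover_basic_credentials(basic_header(USER, PASSWORD)))
    print(digest_response(ha1, "GET", "/dir/index.html", NONCE, "00000001", "0a4f113b"))
```

Digest keeps the password off the wire but does not encrypt the feed itself, so the response body is still readable in transit unless the connection is protected separately.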