January 05, 2004
Username Password Authentication for RSS
John Robb asks why there aren't simple username protection for RSS feeds. It's a good question and one that has stymied my ability to move our organization at work to a complete RSS platform.
What we end up doing is wrapping the RSS feeds into a backend security system. In our case it's PHPBB. Getting the security part right for RSS required us to rely on the backend to provide the security. This isn't elegant nor is it comprehensive. It limits out ability to focus on the content and collaboration we need.
I know nothing of the RSS standard nor do I know if the ATOM standard has a username/password/security component. If it exists in either platform I haven't heard about it yet.
The issue with introducing it now are the aggregators. Each would have to implement some form of pass through of the username or password if the feed requires it. Whereas that process is one way now, it'd need to be two way. There again you'd see something like a PHP wrapper. Yes, there are a few aggregators that support RSS username and passwords, but they rely on the HTTP/SSL.
Is there a way to move away from this system of handling access? Something simple that doesn't require outside entry by the user or browser, but can be handled through the reader?
