Jon Udell has noticed that authenticated
RSS feeds don't work very well. It's a chicken and egg situation:
There are few authenticated RSS/Atom feeds because there are few feed
readers that deal with them, and vice versa. But beyond that
bootstrapping problem there's a larger one.
A lot of popular feed reader services such as My Yahoo or Bloglines are
host-based. With current feed authentication mechanisms, this means
that you have to hand your user name(s) and password(s) to your feed
reader service and let it impersonate you to do anything useful. Not
great. Recently, Kim Cameron has been blazing away at the
concept of impersonation, not just the problem of handing your password
out. I'd like to suggest that authenticated feeds provide an ideal
place to experiment with better approaches: they're read only, the bar
is currently very low, and a whole host of possibilities would open up
once you can cleanly authorize a feed reader to read feeds on your
behalf. I think the right way to
do this is through a lightweight assertion mechanism that lets you say
"I authorize service X to asynchronously read feed Y on my (Z's)
behalf".
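
One way such an assertion could look, as an added sketch that is not from the original post: user Z signs a read-only, expiring grant naming service X and feed Y, and the feed publisher checks it when X polls, so X never holds Z's password. The token format, the function names, the example.org identifiers, and the use of HMAC with a per-user key registered at the publisher (standing in for a real signature scheme) are all assumptions.

```python
import base64, hashlib, hmac, json, time

def issue_assertion(user, user_key, service, feed, ttl=3600, now=None):
    """User Z states: service X may read feed Y on my behalf until exp."""
    now = int(time.time() if now is None else now)
    claims = {"user": user, "service": service, "feed": feed,
              "scope": "read", "exp": now + ttl}
    body = json.dumps(claims, sort_keys=True).encode()
    tag = hmac.new(user_key, body, hashlib.sha256).digest()
    enc = base64.urlsafe_b64encode
    return enc(body).decode() + "." + enc(tag).decode()

def verify_assertion(token, user_keys, caller, feed, now=None):
    """Publisher-side check; returns the delegating user or raises ValueError.

    caller is the service identity the publisher authenticated on its own
    (how is out of scope here); it must match the service in the grant.
    """
    now = int(time.time() if now is None else now)
    try:
        body_b64, tag_b64 = token.split(".")
        body = base64.urlsafe_b64decode(body_b64)
        tag = base64.urlsafe_b64decode(tag_b64)
        claims = json.loads(body)
        key = user_keys[claims["user"]]  # key lookup only; nothing trusted yet
    except (ValueError, KeyError, TypeError) as exc:
        raise ValueError("malformed assertion or unknown user") from exc
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("bad signature")
    if claims.get("scope") != "read" or claims.get("exp", 0) <= now:
        raise ValueError("expired or not a read grant")
    if claims.get("service") != caller or claims.get("feed") != feed:
        raise ValueError("grant does not cover this service or feed")
    return claims["user"]

if __name__ == "__main__":
    # Constructed sample values, for illustration only.
    keys = {"z@example.org": b"constructed-demo-key"}
    feed = "https://feeds.example.org/private.atom"
    tok = issue_assertion("z@example.org", keys["z@example.org"],
                          "reader.example", feed)
    print(verify_assertion(tok, keys, "reader.example", feed))
```
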
I'm still trying to digest all of the twists and turns of the thread
below. I am pretty sure that whatever solution is adopted, it has to
cleanly allow for the "allow a service to read a feed" case to be at all
useful.
The Impersonation/Delegation Discussion
Presented in backwards chronological order
Dramatis Personae: Eve Maler, Kim Cameron, Conor Cahill, Pete Rowley,
Phil Windley
Phil Windley: On Impersonation and Delegation
Conor Cahill: Delegation, Impersonation, and downright access
Pete Rowley: The umpire delegates back
Conor Cahill: SAML, Liberty, and user presence
Kim Cameron: Drilling further into delegation
Kim Cameron: Wrong-headed impersonation
Tags: authentication, delegation, openid, cardspace, feeds, impersonation, drosophili
Sunday, April 1, 2007