Jon Udell has noticed that authenticated RSS feeds don't work very well. It's a chicken and egg situation: There are few authenticated RSS/Atom feeds because there are few feedreaders that deal with them, and vice versa. But beyond that bootstrapping problem there's a larger one.
A lot of popular feed reader services such as My Yahoo or Bloglines are host based. With current feed authentication mechanisms, this means that you have to hand your user name(s) and password(s) to your feed reader service and let it impersonate you to do anything useful. Not great. Recently, Kim Cameron has been blazing away at the concept of impersonation, not just the problem of handing your password out. I'd like to suggest that authenticated feeds provide an ideal place to experiment with better approaches: They're read only, the bar is currently very low, and there's a whole host of immediate possibilities that would become possible once you can cleanly authorize a feed reader to read feeds on your behalf. I think the right way to do this is through a lightweight assertion mechanism that lets you say "I authorize service X to asynchronously read feed Y on my (Z's) behalf".
I'm still trying to digest all of the twists and turns of the thread below. I am pretty sure that whatever solution is adopted, it has to cleanly allow for the "allow a service to read a feed" case to be at all useful.
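One way an "I authorize service X to read feed Y on Z's behalf" assertion could be issued and checked, as an added example that is not part of the original post. It assumes an HMAC key shared between the user and the feed publisher, hypothetical field and function names, and that the reader service has already authenticated as itself (passed in as `caller`).

```python
import base64, hashlib, hmac, json

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode()

def issue_assertion(user_key: bytes, user: str, service: str,
                    feed: str, expires: int) -> str:
    """User Z signs: 'service X may read feed Y on my behalf until expires'."""
    claims = {"user": user, "service": service, "feed": feed,
              "scope": "read", "exp": expires}
    body = json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(user_key, body, hashlib.sha256).digest()
    return _b64(body) + "." + _b64(tag)

def verify_assertion(token: str, user_keys: dict, caller: str,
                     feed: str, now: int):
    """Publisher-side check. Returns the user being read for, or None."""
    try:
        body_b64, tag_b64 = token.split(".")
        body = base64.urlsafe_b64decode(body_b64)
        tag = base64.urlsafe_b64decode(tag_b64)
        claims = json.loads(body)
        key = user_keys[claims["user"]]
    except (ValueError, KeyError, TypeError):
        return None  # malformed token or unknown user
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None  # not signed by the named user
    if claims.get("scope") != "read" or claims.get("feed") != feed:
        return None  # grant covers a different feed or action
    if claims.get("service") != caller or now >= claims.get("exp", 0):
        return None  # presented by another service, or expired
    return claims["user"]

if __name__ == "__main__":
    # Constructed sample values; the reader service never sees this key.
    key = b"constructed-demo-key"
    feed = "https://feeds.example/private.atom"
    token = issue_assertion(key, "z@example.org", "reader.example", feed, 2000)
    keys = {"z@example.org": key}
    print(verify_assertion(token, keys, "reader.example", feed, now=1000))
    print(verify_assertion(token, keys, "other.example", feed, now=1000))
```

The reader service holds only the assertion, so it acts as itself with a narrow, expiring, read-only grant instead of logging in as the user.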
The Impersonation/Delegation Discussion
Presented in backwards chronological order
Dramatis Personae: Eve Maler, Kim Cameron, Conor Cahill, Pete Rowley, Phil Windley
Phil Windley: On Impersonation and Delegation
Conor Cahill: Delegation, Impersonation, and downright access
Pete Rowley: The umpire delegates back
Conor Cahill: SAML, Liberty, and user presence
Kim Cameron: Drilling further into delegation
Kim Cameron: Wrong-headed impersonation
Tags: authentication, delegation, openid, cardspace, feeds, impersonation, drosophili