UPDATE: Niall Kennedy blogs about accessing private feeds, but doesn't mention that IE7 and Office 2007 doesn't support it. Dare posts about Niall's post and has an interesting comment "At the end of the day, can Bank of America trust that RSS Bandit or Bloglines is doing a good job of adequately protecting the feed from spyware or malicious hackers?"
Of course they can't, just as BofA can't control that I might use any old HTTP stack to talk to their regular website. Angle brackets over HTTP are just that. RSS just makes them more regular and a little easier to parse. I would propose within the context of banking, keying off Dare's comment, that OFX and RSS are arguably the same thing with RSS just being more presentation focused. OFX being pulled into Microsoft Money and Yodlee is no different from RSS being pulled into RSS Bandit or Bloglines.
More on this topic at this post...
This is news that I'm apparently late to the party on:
In IE7RC1, it let me subscribe happily with a password dialog and added my feed. Only when I returned a day later did I find my stale content wasn't updating.
That's going to make things like Audible.com and other password protected feeds difficult to work with in IE7. I hope the get this handled for the release.
Does anyone else think this is a huge problem? Is this just IE7 or is this the whole RSS Platform? If it is the platform, I think this makes personalized RSS content considerably more difficult.
There's been some news on this before over at GlobeBlogger, who noted as I did with considerable shock, that Outlook 2007 isn't using the RSS Platform.
The RSS Team PM Sean Lyndersay responded here to Charlie Wood's email. He says (edited for length)
To be honest, it was simply a casualty of time/resources vs. demand. There aren't a lot of authenticated feeds out there (yet). When we looked at the cost of doing it, we decided that it was something that could wait until our next release.
Outlook 2007 doesn't use the RSS Platform for downloading feeds, but they made fundamentally the same decision as we did (weighing resources against demand), and they don't support authenticated feeds either.
In both cases (IE/RSS Platform, and Outlook 2007), we support what's called NTLM/Kerberos pass-through authentication — which means that in many corporate environments where NTLM/Kerberos authentication is used (typically with Windows domains), the credentials that the user used to log into the machine will be automatically used. This allows authenticated feeds to work in a lot of corporate environments.
Both IE/RSS Platform and Outlook 2007 do support SSL-encrypted feeds. We also have found that many people who ask for authenticated feeds really want personalized feeds (where the data is public, but the feed itself is personalized to a particular user) — in these cases, we recommend generating URLs with guids or another unique identifier for each user.
So, to summarize:
- We don't support storing different credentials for different feeds.
- We do support NTLM/Kerberos pass-through for using the users logged-in credentials
- We do support SSL-encrypted feeds
- We recommend using personalized feeds, where possible.
- As for when we will have authenticated feed support: I don't have an answer for you on that. We haven't announced a date for our next release.
Hope this is helpful.
With all due respect to Sean and his team, I hope that they hear our concern about this huge omission and realize that truly authenticated feeds will allow RSS to realize it's full potential.
Dare Obasanjo realizes how HUGE this could be and what a HUGE GOOF it is to not include support out of the gate. Authenticated feeds could change the game entirely (emphasis mine):
No support for password protected feeds. The number of password protected feeds on the Web continues to grow, Web sites such as GMail and LiveJournal provide authenticated feeds for users today. As the usage of syndication technologies like RSS continues to grow, the need to support authentication by feed readers will also grow as well. I can imagine a day when I can subscribe to a password protected feed from my bank or credit card company. Not having support for this today is a non-starter.
Please, discuss, I'm interested in your thoughts, dear reader. If you agree that this is important for the future of the spec and the continued usefulness of Feed technology, do put pressure on them.