sdorfman.rm <sdorfman@...> Tue, 28 Feb 2006 06:34:43
>Sorry for the slight off-topic-ness of this post, but I'm trying to get
>Yahoo to enable RSS
>authentication so I can keep up with several yahoo groups (that don't
>allow non-members
>to view messages) via RSS instead of email. If you'd like to see Yahoo
>add this feature,

I've reached the conclusion that "private" RSS feeds that require
authentication is a bad idea. The problem is that RSS is frequently
consumed by spiders, robots and other automated apps and then
re-purposed. This re-purposing often results in the items then appearing
in a public feed with no authentication. So even though you serve up the
feed securely you really have no idea what happens to it later. An
example of this was a feed that was dropped into Newsgator by a user. it
later turned up in Newsgator's public search. This is not a refelection
on Newsgator necessarily and I know they do try and keep HTTP-Auth
protected feeds out of their public database.

In theory this should be no different from HTTP-AUTH protected web
pages. But in practice the RSS community is much less careful about
respecting privacy than the relatively smaller community of people that
write automated apps to access html pages.

The point here is that if we write aggregators we should try to be
careful about respecting feeds that should be private. In practice, this
can be hard. And as a feed provider you shouldn't assume that your
private feed will stay private.

Which is all a long winded way of saying that if you want a feed from a
Yahoogroup, then make the group open. What is the group owner trying to
hide anyway?

--
Julian Bond E&MSN: julian_bond at voidstar.com M: +44 (0)77 5907 2173
Webmaster: http://www.ecademy.com/ T: +44 (0)192 0412 433
Personal WebLog: http://www.voidstar.com/ skype:julian.bond?chat
*** Just Say No To DRM ***