Blogger: Larry Cannell
A recent post on Samuel Driessen’s blog posed a question sent in by Peter Verhoeven regarding the use of secured RSS feeds in enterprise RSS products such as Newsgator or Attensa (secured RSS feeds require a the user to be authenticated in some way, often with a username and password). Peter is working on a project to consolidate RSS feeds, reduce network bandwidth, and enable collaboration to take place around them.
The problem is secured RSS feeds have challenges that are not obvious when using RSS feeds from unsecured sites (like a public news site or a blog, like this website). Peter reports that Newsgator has capabilities to handle secured RSS feeds, but are implemented in a way that is unsatisfactory. Attensa’s handling of secured RSS seems broken in many ways (read the post for more details).
RSS, Not Just For Blogs
Often times people assume the source of RSS feeds can only be content sites, like blogs. However, RSS can be generated from any application, including enterprise applications. So, when RSS feeds are secured it can be dangerous for an aggregator to make assumptions about the feed.
Here is a key point about secured RSS feeds: the same RSS feed URL can produce a different list of feed items based on the identity of the requesting user. For example, assume a CRM system produces an RSS feed. Persons "A" and "B" both have access to the CRM system but cannot perform the same functions. "A" can look at all outstanding leads. "B" can as well, but is also able to see all closed deals. Therefore, if the CRM system uses the same feed URL "A" will not see some items that "B" does (closed deals). Clearly, this is a very different scenario then monitoring a blog for new posts.
So, the reason secured feeds should not be easily shared is because they may contain different feed items per user. Secured RSS feeds can also be personalized RSS feeds.
This doesn’t have to be a difficult concept to understand if you strip away some of the mystique which can be assigned to RSS feeds. Ignore the fact that RSS feeds are formatted in a special way (or course, they are in RSS format). Instead, think of them as simply web pages served up by a web server (which may be fed by an application generating the web page). They are also accessible using https. So the only difference between an RSS feed and a web page is the format of the text (one is html, the other is RSS).
In the example above the CRM system is producing a different RSS feed based on the identity of the user. This is no different than the behavior of the same CRM system when it is used interactively as an application. But, instead of producing a different page of html per user, the secured RSS feed produces a different list of RSS feed items.
Secure RSS Feeds Are Personalized For You
The most obvious difference between unsecured and secured RSS feeds (besides requiring authentication) is that secured feeds can be personalized. So if we start thinking about scenarios where an enterprise application provides different RSS feed items per user some interesting scenarios come to mind. An obvious use is notifications; maybe a part as been released to manufacturing, a payment has been made, or some other event happens that the application feels is important enough that you should be notified.
Today, these notifications are usually sent via e-mail. In some cases these messages occur infrequently enough that the user notices them in their inbox. But, it may also be the case that these messages overwhelm the user who then simply turns them off or ignores them.
In the case where numerous notifications are overwhelming inboxes, an option to consider is an RSS feed consumed by a “river of news” aggregator (this assumes, of course, the application can produce an RSS feed). For example, the Google Desktop Web Clips gadget monitors multiple RSS feeds and displays new items in a sidebar on a desktop display. It also happens to support Windows single sign-on which means it doesn’t need to store a username and password for secured feeds, if the application providing the secured RSS feed also supports Windows single sign-on.
The “river of news” aggregation model assumes that if the reader misses some items it isn’t a big deal but one of them may catch their attention. So, imagine having a stream of updates coming from enterprise applications showing up in a sidebar. Although there may still be an overwhelming number of notifications coming they no longer clog up the inbox and the person monitoring these may be satisfied knowing messages are flowing at an expected rate.
I’m sure there are many options that could consume secured RSS feeds and present them to individuals or teams in useful ways. If you have an interesting example please share it below.
Update: Greg Reinacker posted a response and says NewsGator Enterprise Server 3.x will implement a feature that will address Peter's issue with secured feeds.