One of the critical requirements for our implementation of APP is SSL
and HTTP authentication (basic for now, eventually, likely something
stronger). Unfortunately, we're finding that a great many of the
available Atom/RSS feed readers on the market don't speak SSL/HTTPS and
have generally poor usability when it comes to http authentication
(e.g., only a handful seem to prompt for authentication on demand and
most will ask for authentication for every feed, even if those feeds are
on the same host and in the same realm.)
What we need to know, at this point, is what other APP implementors are
doing as far as security is concerned. Only clients that can speak SSL
and Basic Auth are going to be able to access our endpoints. In my
personal opinion, all APP clients should be required to support both, at
a minimum.
thoughts?
- James
- SSL and HTTP Auth Support James M Snell
-
