I have no idea how feasible the following idea is; I'm posting it in hopes someone around here knows more about RSS-guts than I do and can say.
So I was thinking, wistfully, about the possibility of getting locked entries from other services via feed. Zvi suggested, on the wiki (http://wiki.dwscoalition.org/notes/Cross-site_authenticated_RSS), embedding such entries in iframes so as to get the actual content but it seemed to me that this might run into bandwith problems seeing as iframes are basically hotlinking. Or maybe it wouldn't be any more burden than RSS already is (I did mention I know nothing about the guts of the thing). In any case, there has to be something happening in the DW backend that determines who can see a given locked entry, yes? It seems to me that, in order for this to really work, there would have to be, effectively, an individual feed per DW user subscribing to OtherServiceUserX, that feed containing the DW user's authentication credentials with OtherService. So, if the DW backend needs to do authentication processing anyway, is it feasible to just go ahead and /have/ individual feeds for each subscriber to OtherServiceUserX? I think this is similar to Denise's idea, only from a different angle, and wanting to pull down the actual content. Obviously, the individual subscription would need to be concealed, since it's the feed string itself that contains the authentication isn't it? What I was envisioning was a "surface feed" account on DW that shows only public entries. When a DW user subscribes to that account and checks a box marked "friend of $user on $service" or similar and giving authentication, a "subfeed" is created containing that user's authentication, and the subfeed is what goes into the reading list. On the profile page the surface feed account would be the one that shows up in the reading list block, and that would be the one that goes into creating a network page. Is this possible? An insane amount of extra database work? Too much bandwidth load or too many requests? Maybe it's possible with some kind of time-limited local caching and a function to just check whether there's been any update in the feed-source since the last query. I can't tell, and am hoping someone else will know. Incidentally, I never did quite figure out whether a url- authenticated feed on LJ et al is visible to or subscribable by users other than the creator. If they are, that opens up a whole dire can of credential-hijacking and privacy-violating worms, and probably constitutes a security hole that should be closed. Anyone know about this? Cheers, ER _______________________________________________ dw-discuss mailing list [email protected] http://lists.dwscoalition.org/cgi-bin/mailman/listinfo/dw-discuss
