« The new brackets are out | Main | How out of touch the Vatican is with US Sentiment »

Blogs behind the firewall

Here is an interesting article on blogs behind the firewall. The differences between an internal and external blog.

As I read this I think that blogs internal to the comany are a good idea as I believe it would improve company communication and the RSS model is a superior way of reading news when compared with periodically checking a website for new entries. The problem is the company I work for is very distributed across the world on many different ip networks, simply putting a blog server on our corporate intranet would not work.

The solution that is more resonable would be password proteting RSS feeds using http authentication. This requires a news aggregator that supports authentication and a bloggin system that facilitates easy and secure account management.

Where are the RSS aggregators on this technology?
Bloglines and other popular web based RSS Readers to the best of my knowledge do support password protected feeds. There are a few desktop clients that support password protected RSS feeds but I like to access my feeds from the web wherever I am. Looking at the Wikipedia entry for news aggregators there is only two aggregators listed that mention they support password protected feeds in their descriptions. Not Enough!

When it comes to using password protection on blogs, Jeremey Smith talks about the options out there for acomplishing this. For the internal company blog the LDAP integration seems to make the most sense. But it still requires some work to get going. And your still left with a limited set of aggregators that support authentication.

So what needs to happen to internal company blogging practical
- Have all aggregators support HTTP authentication
- Have blogging software support seamless LDAP integration

Until this happens the solution is messy at best.

Posted by BunkAsInBed on April 7, 2005 09:37 AM |

Comments

The problem of providing access control to blogs is certainly a hairy one. It has two main aspects:

1) Protect an entire blog.

2) Protect only certain entries.

Protecting an entire blog is the easier one in the situation. You wrap it up in some .htaccess directives a la:

require user jsmith cbunk jhawley cprall emcbride etc

Of course, where those accounts are stored becomes the issue there. A directory server? A local account system? Typekey?

Role based access control would help (assuming a sufficiently nice Directory Server infrastructure existed). That would allow:

require employee@nasa.gov

Or, if you had sub-organizational units sufficiently fleshed out (say orgs like "foo", "bar", "baz", and "quux"), you could do even finer control:

# allows people in 'foo' and 'quux' in but 'bar' and 'baz' are disallowed
require employee@foo.nasa.gov employee@quux.nasa.gox

Going even further (because this is, kind of, my thing), with a Federated Identity infrastructure, you can get really cool:

require employee@cleveland-division.arescorporation.com employee@foo.nasa.gov

Of course, this is all in relation to protecting an entire weblog. This problem gets sooooooooo much hairier when you want to protect certain entries on one blog but not other entries on the same blog. Or, just protect certain entries differently than certain other entries. I could go on for days about it.

Posted by: jms18 | April 7, 2005 06:26 PM

How would your visitors best take advantage of the feeds. If there a good web based aggragator that supports http authentication?

Posted by: Chris Bunk | April 7, 2005 08:30 PM

How would your visitors best take advantage of the feeds. If there a good web based aggragator that supports http authentication?

I am not sure if bloglines supports it or not, but you can include credentials in a URL. So, if you have a username/password of:

cbunk/supersecret

To access a feed located at http://example.com/rss.xml, you can use the following URL to get at it:

http://cbunk:supersecret@example.com/rss.xml

Again, though, I am not sure if bloglines supports it; I've never tried. And, it does open up a can of worms in that you are storing your example.com credentials in the bloglines.com database. That makes me uncomfortable.

It gets trickier with accessing a feed where certain entries are password protected while other entries are not. My thoughts are to include the password protected entries in the feed, but just as titles and links -- no content or summary. When a subscriber clicks on one of the password protected ones (you know, to actually see the content); that's when you challenge them for authentication/authorization.

It's a hack.

Posted by: jms18 | April 8, 2005 11:33 AM

Post a comment

(If you haven't left a comment here before, you may need to be approved by the site owner before your comment will appear. Until then, it won't appear on the entry. Thanks for waiting.)