This is really interesting. I'm generally wary of adding ... • Aaron Parecki

76°F

fluffy http://beesbuzz.biz/ • Nov 29

Federated access control with Atom and WebSub

This is really interesting. I'm generally wary of adding encryption into a protocol at this level, instead, preferring it at the transport layer for example by providing an HTTP Authorization header. But you've made some interesting arguments about being able to reuse the existing WebSub mechanisms that are worth exploring more.

I think my main concern, which you sort of hinted at, is that the feed will essentially leak info about how many followers someone has, as well as this potentially including a _lot_ of data as someone's followers grow to the hundreds.

Have you seen the work going on around making IndieAuth work in a server-to-server environment without user interaction? The idea with that is to let a feed reader fetch a private feed on behalf of a user. https://indieweb.org/AutoAuth

Las Vegas, Nevada • 52°F

Thu, Nov 29, 2018 3:08pm -08:00

1 reply 1 mention
Have you written a response to this? Let me know the URL:
- fluffy beesbuzz.biz
  Some more on authenticated Atom
  Fri, Nov 30, 2018 12:39am -08:00
Other Mentions
- fluffy beesbuzz.biz
  Some more on authenticated Atom
  Fri, Nov 30, 2018 12:39am -08:00

Posted in /replies using monocle.p3k.io