Specific allowances for feeds? #6
Description
I’m pretty interested in AutoAuth for a thing I want to build but I feel like it doesn’t quite get what’s needed for feeds (Atom in particular). Atom feeds are often served up through a CDN-type proxy such as FeedBurner or through a translating WebSub proxy like Superfeedr, which makes header-only access control not robust enough.
I feel like there should be an allowance for a link tag with appropriate rel attributes to specify where to receive additional content that would be authorized, both at a feed and an item level. This would particularly help with the WebSub use case, where the push server is only sending the changed entries to the reader, and the reader may have multiple subscribers attached to it with differing access levels.
I’ve been sort of working on some very rough proposals for authenticated feeds in an Atom and WebSub context over at https://beesbuzz.biz/blog/4594-The-authenticated-Atom-musings-continue and while that is far from finalized (in particular I’m leaning towards making all those attributes <link rel>s so it doesn’t need a new XML namespace and can also work with RSS and h-feed) it feels like it runs counter to purely header-based auth negotiation, especially in the WebSub case.
There’s probably something I’ve missed though!