Secure Syndication

Joe Gregorio

bitworking.org

Goals

Bonus Goals

Environment

Environment

Just

'Just' use HTTP Authentication

'Just' use Atom

Example Atom Feed


   <?xml version="1.0" encoding="utf-8"?>
   <feed xmlns="http://www.w3.org/2005/Atom">
     <title type="text">dive into mark</title>
     <updated>2005-07-31T12:29:29Z</updated>
     <id>tag:example.org,2003:3</id>
     <link rel="alternate" type="text/html" hreflang="en" href="http://example.org/"/>
     <entry>
       <title>Atom draft-07 snapshot</title>
       <link rel="alternate" type="text/html" href="http://example.org/2005/04/02/atom"/>
       <id>tag:example.org,2003:3.2397</id>
       <updated>2005-07-31T12:29:29Z</updated>
       <content type="xhtml">
         <div xmlns="http://www.w3.org/1999/xhtml">
           <p><i>This is content. </i></p>
         </div>
       </content>
       ...

Encrypting portions of a feed

What have we learned so far?

Enter the greasemonkey

Greasemonkey
A Firefox extension which lets you to add bits of JavaScript to any web page to change its behavior.

JavaScript and Math

Blowfish - a low friction choice

Almost all the pieces

Microformats

Putting it all together


<div class="encrypted blowfish" 
 <p>The following data is encrypted. Please install
    the SecureSyndication Greasemonkey script to 
    view the encrypted content.
 </p>
 <div class="encdata">
    WORK:C7FDDC3...B86
 </div>
</div>
    

Putting it all together - The Atom Feed


<?xml version="1.0" encoding="us-ascii"?>
<feed xmlns="http://www.w3.org/2005/Atom">

  <title>Secure Syndication Test Feed</title>
  <link rel="self" href="http://bitworking.org/projects/securesyndication/index.atom"/>
  <updated>2006-02-28T18:30:02Z</updated>
  <author>
      <name>Joe Gregorio</name>
  </author>
  <id>urn:uuid:602321c80-d399-11d9-b93C-0003939e0af6</id>

  <entry>
    <title>An entry with encrypted content.</title>
    <link href="http://bitworking.org/projects/securesyndication/"/>
    <id>urn:uuid:1225c695-1123-4ebb-aaaa-80da344efa6a</id>
    <updated>2006-02-28T18:30:02Z</updated>
    <content type="xhtml">
      <div xmlns="http://www.w3.org/1999/xhtml">
        <div class="encrypted blowfish">
          <p>The following data is encrypted. Please install
            the <a href="http://bitworking.org/projects/securesyndication/">SecureSyndication</a> Greasemonkey script to
            view the encrypted content.</p>
          <div class="encdata">WORK:C7FDDC3B50FF0BE0E6F47CBD54AC149FA6E42F1DD9C8AEA48F4D400B6970C14082858FF94901795DBE1C7D380ED6                </div>
        <div>The unencrypted content in this div should remain unchanged.</div>
      </div>
    </content>
  </entry>
</feed>
        

Encrypted

Decrypted

What did we just accomplish?

Where does this work today?

Web-Based Aggregator Scorecard
Bloglines Yes
Rojo Yes
Kinja Yes
NewsGator Web Yes
Yahoo! No full content
Google No. Strips all class attributes.
MSN Spaces ???

Request to aggregator builders

(Not) The End