Secure Syndication

Joe Gregorio


Bonus Goals




'Just' use HTTP Authentication

'Just' use Atom

Example Atom Feed

   <?xml version="1.0" encoding="utf-8"?>
   <feed xmlns="">
     <title type="text">dive into mark</title>
     <link rel="alternate" type="text/html" hreflang="en" href=""/>
       <title>Atom draft-07 snapshot</title>
       <link rel="alternate" type="text/html" href=""/>
       <content type="xhtml">
         <div xmlns="">
           <p><i>This is content. </i></p>

Encrypting portions of a feed

What have we learned so far?

Enter the greasemonkey

A Firefox extension which lets you to add bits of JavaScript to any web page to change its behavior.

JavaScript and Math

Blowfish - a low friction choice

Almost all the pieces


Putting it all together

<div class="encrypted blowfish" 
 <p>The following data is encrypted. Please install
    the SecureSyndication Greasemonkey script to 
    view the encrypted content.
 <div class="encdata">

Putting it all together - The Atom Feed

<?xml version="1.0" encoding="us-ascii"?>
<feed xmlns="">

  <title>Secure Syndication Test Feed</title>
  <link rel="self" href=""/>
      <name>Joe Gregorio</name>

    <title>An entry with encrypted content.</title>
    <link href=""/>
    <content type="xhtml">
      <div xmlns="">
        <div class="encrypted blowfish">
          <p>The following data is encrypted. Please install
            the <a href="">SecureSyndication</a> Greasemonkey script to
            view the encrypted content.</p>
          <div class="encdata">WORK:C7FDDC3B50FF0BE0E6F47CBD54AC149FA6E42F1DD9C8AEA48F4D400B6970C14082858FF94901795DBE1C7D380ED6                </div>
        <div>The unencrypted content in this div should remain unchanged.</div>



What did we just accomplish?

Where does this work today?

Web-Based Aggregator Scorecard
Bloglines Yes
Rojo Yes
Kinja Yes
NewsGator Web Yes
Yahoo! No full content
Google No. Strips all class attributes.
MSN Spaces ???

Request to aggregator builders

(Not) The End