Weblogs in the Extranet. What's required to use weblogs when communicating within a closed community consisting of multiple organizations? It's not like the intranet where everything is under the control of one organization, and it's not like the Internet where everything is public. One difference is the requirement for standards and a lowest-common-denominator approach to protocols and tools. (This is another example of Jon Udell's readable web, which I mentioned last week.)
Another big difference is the security model. On the intranet one can restrict access to data by restricting access to the network itself. But this won't allow trusted third parties to access one another's weblogs unless a complex virtual private network (VPN) is deployed, and even then it's hard to share weblogs without sharing other data that should remain private. One solution is to permit the members of the extranet to use authenticated access to specific weblog resources. For instance, the HTML version of a weblog can easily be protected by usernames and passwords using the web server's existing Basic Authentication mechanism. One can thereby grant access privileges according to users and groups. If the transmissions themselves need to be encrypted, SSL can be used. The HTML-rendered weblogs can be uploaded using FTP or secure FTP (SFTP). Basic Authentication, SSL and FTP are universal, so this meets the readable-web and standardization requirements.
But what about authenticated and secure access to weblogs via RSS feeds, one of the most important benefits of using weblogs in an extranet? Many RSS viewers can't deal with usernames and passwords, and even fewer can communicate using SSL. So while we can use FTP to upload RSS files to an extranet server, how can we restrict the subscriptions to authorized/authenticated users? Thanks to a tip from Jeremy Bowers, the developers of Radio Userland recently added an RSS subscription username/password capability to version 7.1, which is currently in beta and scheduled to ship shortly. The enhancement allows the user to subscribe to RSS feeds that require username/password authentication. The passwords are stored within Radio's database and transmitted in the clear, where network sniffers could discover them, but they don't typically appear on the user's screen once the subscription has been established. Using Radio 7.1 or another similarly equipped RSS viewer, it's therefore possible to use RSS as well as HTML renderings of weblogs for intranets. But this is just a start. If future RSS viewers encrypt passwords, allow for other more robust authentication schemes and support SSL, they will meet the security needs of nearly every extranet.
Posted Monday, December 17, 2001 10:49:58 PM
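
The following sketch is an added example, not code from Radio Userland or from this post. It shows the per-user feed check described above, why a Basic Authentication header sent without SSL exposes the password, and a client-side guard that only attaches credentials to HTTPS feed URLs. The accounts, feed path and function names are constructed for illustration.

```python
import base64
import hmac
from urllib.parse import urlsplit

# Constructed sample data: extranet accounts and a per-feed access list.
USERS = {"alice@partner-a.example": "s3cret-A", "bob@partner-b.example": "s3cret-B"}
FEED_ACL = {"/weblogs/project-x/rss.xml": {"alice@partner-a.example"}}

def basic_header(user, password):
    """Build the Authorization header value an RSS reader sends for Basic auth."""
    token = base64.b64encode(f"{user}:{password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")

def decode_basic(header):
    """Recover (user, password) from a header value, or None if malformed.

    The server does this on every request; anyone who can read the traffic
    can do the same, because base64 is an encoding, not encryption.
    """
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        raw = base64.b64decode(token, validate=True).decode("utf-8")
    except ValueError:  # covers bad base64 and bad UTF-8
        return None
    user, sep, password = raw.partition(":")
    return (user, password) if sep else None

def authorize(path, header):
    """Server-side decision for a feed request: 200, 401 or 403."""
    creds = decode_basic(header) if header else None
    if creds is None:
        return 401
    user, password = creds
    expected = USERS.get(user)
    # Constant-time comparison; unknown users are compared against "".
    match = hmac.compare_digest(password.encode(), (expected or "").encode())
    if expected is None or not match:
        return 401
    return 200 if user in FEED_ACL.get(path, set()) else 403

def subscribe_headers(feed_url, user, password):
    """Client-side guard (an assumption of this example): HTTPS feeds only."""
    if urlsplit(feed_url).scheme != "https":
        raise ValueError("refusing to send Basic credentials over cleartext HTTP")
    return {"Authorization": basic_header(user, password)}
```
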