[Mar. 30th, 2008|01:22 pm]
While we were all scratching our collective head, the world seems to have moved someplace, and we'd better catch up. More and more of my friends are moving to standalone blogs. While the combination of RSS (or, rather, Atom) and OpenID and OPML (through which one can recreate one's friend list in a matter of seconds on any new RSS aggregator) gives the illusion of no functionality being lost, this is not entirely true. Here's what's missing:
1. Limited visibility blogging. Some would say this is better done through other means, such as closed mailing lists, but I disagree. Distributing your toddler's photos is a) very well suited to the blog format and b) something you may wish to limit to a certain group of people. It can be easily solved using authenticated feeds; however, there is just one tiny problem: the single most popular RSS aggregator (i.e. Google Reader) does not support authentication. I think I am able to solve this problem through an RSS proxy that adds the missing authentication functionality. Does anyone know another online RSS aggregator that does not have such a limitation?
2. High availability and failover. Here we have a real problem, but one (perhaps) more or less easily fixed through caching and some sort of notification protocol. I am willing to tackle this problem - offhand it doesn't seem too hard to fix.
3. Comments notification. LJR thought up a clever idea, where the number of comments is shown as a picture (which is not cached, and is fetched from the server each time you look at the entry in question). However, I'm not at all sure it's a real problem, and possibly new comments notification is enough (and an easy way to subscribe to comments from an RSS aggregator can be provided on the client, e.g., through a GreaseMonkey script).
If that is all there is, things are much, much easier than we thought initially. Maybe no end-to-end security is required after all - e.g., high availability of the entries of limited visibility is provided by those who have access to the entry in question.
High availability and failover do require security, and I'm inclined to think commenting does too. Comments in standalone blogs usually don't have digital signatures, but they really should, because a blog owner can fake any comment exchange he wishes. Likewise, a mirror owner can mirror posts that never were. Or something.
This is all true; however, based on the current state of affairs concerning availability of PKI solutions (e.g. integration of browsers with client side certificates and availability of smart cards bearing those certificates) and concerning the usability of the existing solutions, I don't think strict security is feasible, unless very serious limitations are placed on functionality. OTOH, authenticity of comments, though desirable, is by no means a blocker: while I wouldn't want anyone to make up conversations with me as a participant, I won't mind it that much either.
It is possible to authenticate comments on the server side. It could work more or less like OpenID.
Ouch, I think I've just invented something interesting.
Let me know when you want to make it public :)
1. User connects to server A using his OpenID on server B.
2. A discovers (somehow :) that B supports form data signing.
3. A presents comment forms (or other forms) with modified target: instead of A/path-to-submit they go to B/path-to-sign/A/path-to-submit.
4. B returns a signed form (targeted to A/path-to-submit this time) that the user reviews and submits back to A.
Question is, how can one, say, C, validate it all once this whole process is over? How can he tell a comment that passed through all of this from one that the owner of server A slapped on the page without consulting anyone?
B publishes (1) user's pubkey, A publishes (2) comments and (3) signatures, C can download 1+2+3 and verify. He needs standard tools like PGP/GPG, or online version thereof. Perhaps a Greasemonkey script can do it in real time ;)
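The check that C performs in the exchange above, as an added example that is not part of the original thread. Ed25519 from Node's `crypto` module stands in for PGP/GPG, and the signed payload layout, the `a.example`/`b.example` URLs and all function names are assumptions made for illustration.

```javascript
const { generateKeyPairSync, sign, verify } = require('node:crypto');

// Assumed payload: author's OpenID URL, submit target on A, and comment body,
// serialized in a fixed order so B (signing) and C (verifying) hash the same bytes.
function canonical(c) {
  return Buffer.from(JSON.stringify([c.author, c.target, c.body]), 'utf8');
}

// Server B, step 4: sign the form for the logged-in user.
function signComment(privateKey, c) {
  return sign(null, canonical(c), privateKey).toString('base64');
}

// Reader C: pubkeys come from B (1); comments (2) and signatures (3) come from A.
function auditPage(pageTarget, comments, pubkeys) {
  return comments.map((c) => {
    const key = pubkeys[c.author];
    if (!key || !c.sig) return 'unsigned';   // no signature, or author unknown to B
    const ok = verify(null, canonical(c), key, Buffer.from(c.sig, 'base64'));
    if (!ok) return 'forged';                // a signed field was altered after signing
    return c.target === pageTarget ? 'valid' : 'replayed'; // signed for another entry
  });
}

// Constructed sample data: one user at B, four comments as served by A.
function demo() {
  const { publicKey, privateKey } = generateKeyPairSync('ed25519');
  const alice = 'https://b.example/alice';            // constructed OpenID URL
  const page = 'https://a.example/entry/42/comment';  // constructed A/path-to-submit
  const mk = (target, body) => {
    const c = { author: alice, target, body };
    return { ...c, sig: signComment(privateKey, c) };
  };
  const genuine = mk(page, 'Nice photos!');
  const tampered = { ...mk(page, 'I disagree.'), body: 'I agree completely.' };
  const replayed = mk('https://a.example/entry/7/comment', 'Congratulations!');
  const invented = { author: alice, target: page, body: 'Never said this.' };
  return auditPage(page, [genuine, tampered, replayed, invented], { [alice]: publicKey });
}

console.log(demo());
```

Because the submit target is inside the signed bytes, a comment that B signed for one entry cannot be shown as valid under another, which a signature over the body alone would not prevent.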
My latest idea about limited availability - use OpenID auth for limited feeds. If the RSS aggregator is integrated with your blog server and its OpenID producer, it would have no problem impersonating you using OpenID.
About comment notification - LJ is a hostile site for an LJR user. If the site carrying a copy of the blog is cooperative with the original site, there is no problem adding a client-side script to the page, which would request the number of comments from the original site as text, not as a picture (which would save about 90% of comment notification traffic).