When you add 'Security' to RSS it isn't really simple syndication anymore. This is one of the issues that we are dealing with here at Folknology. In order to deliver what our customer desire we need to be able to provide RSS's functionality and simplicity with clients desire for security, particularly around financial information.

We have been working on this for some time and still do not have satisfactory solutions, thus we have recently started to reach out to other developers in this area to ask what they are doing.

In simple english RSS appears to have been developed without consideration for security, not that this happened on purpose of course rather it was designed from a public content perspective. The trouble is we and others n are now wishing to use it in a way in which it was never intended and are hitting speed bumps and even roadblocks.

Here are the main issues that trip us up:

1) Securing transmission of the transfered information
2) Authentication and identity
3) Caching of feeds both locally and via aggregators/routers
4) Traces and shadows of information left by caching and viewing

All of these are tricky because there are few standards implemented around RSS that cover them.

Niall has recently brought attention to this and other threads have been following on from it :

• Authenticated and private feeds
• Carnage4Life
• Computer Zen

I think Dave Winer has also picked up on this, as will others I hope, as this is a problem that needs co-operation to solve. We may have to consider encrypting items within the XML to completely resolve this. Either way let me know by email if you are experiencing or anticipate issues around secure feeds. (use - al at folknology.com).