SoC Proposal: RSS Overhaul (incl. Encryption)

We encourage users to post events happening in the community to the community events group on https://www.drupal.org.
rivera.ernesto's picture

This is my SoC proposal fro Drupal. Please feel free to post questions, suggestions or send me an email.

--------- Project proposal: RSS Overhaul (incl. Encryption) ---------

Improve over current RSS implementation:

  • Richer RSS options allowing to include/exclude text contents, images, related comments, digg-like links, etc.
  • Allow secure RSS and add access control settings in Admin interface accordingly.

Drupal has basic support for RSS where the only possible customizations are the number of entries to be published and whether text contents should be fully/partially/not included. Drupal users and administrators should have greater flexibility.

Feeds are the easiest way to export content to other sites (blogger, facebook, myspace, etc.), programs (aggregators) and mobile devices. As such the first task will be to add new options to Drupal generated RSS:

  • Multi-level feeds: whole site, block, module, page or story-level feeds.
  • Customizable feed contents: include/exclude images, external links, files, comments, etc.
  • Secured non-public feeds.

The last one is a bigger task and one of your proposed projects on its own. The main problem is the tradeoff between security level and compatibility with aggregators incapable of accessing encrypted or password protected feeds. Thus, the second task for the project will be to implement at least two solutions that allow us to provide secure feeds so users can choose the one that better fits their needs:

  1. Hash-coded (obscure) URLs: The only method compatible with any aggregator or device. A big hashed URL should be secure enough for most users, otherwise Google wouldn’t use this approach for their calendars. Both admins and subscribers should be warned of the risks of this method and URL should expire periodically with a last feed message with a link that requires authentication to reveal the updated URL.

  2. “Really” secure feeds: Tokens, public keys and HTTP authentication are among the possible solutions. Besides 1, at least one more of the mentioned methods should be implemented for the project.
    Firefox’s Greasemonkey plug-in may be the easiest to implement, as only server-sided code needs to be written. From there plug-ins for other aggregators as Safari and IE could be developed, or even better and forward-looking, implement native Atom encryption which should be adopted by all major aggregators in the near future.

RSS & Aggregation

Group organizers

Group notifications

This group offers an RSS feed. Or subscribe to these personalized, sitewide feeds: