
Larry Cannell: Enterprise RSS Requirements

Here is a very good outline of the issues enterprises face when implementing RSS systems behind the firewall.

Enterprises will use RSS on an intranet differently than consumers on the Internet. The biggest differences are driven by:

• How enterprises collaborate within an Intranet. For example, feed ratings for public Internet sites are useful but do they have a role for Intranet sites? Maybe, but how do they apply to enterprise applications providing personalized feeds?

• Teams within companies work closer together and need to work from a common set of information.

• Access control is a much bigger concern.

• Companies have tiers of staff and management that have access to different things.

• Oftentimes Sarbox controls use the words “need to know”, so access to information not directly attributable to your job also needs to be addressed.

• Companies have different computing infrastructure components such as identity management systems and system management suites.

• Companies need to manage internal IT services. They need to understand system capacity and performance trends. They may want usage reports to properly assign costs of resources.

In my opinion enterprise RSS requirements fall into these categories:

Identity

This has to do with determining the identity of the user monitoring a feed and handing that identity to the application serving the feed. This often gets lumped in with “Security” but identity is an important requirement all on its own. It not only determines access control but also provides the basis for personalization of information delivered.

The technical challenge here is integrating with a Company's single sign-on system.

• For desktop-based aggregators operating within the context of a browser this may not be a problem since many enterprise SSO systems are web-based and the aggregator application may share the same credentials as the browsers.

• For desktop client systems this can be a challenge since RSS is delivered via a web server, which is protected behind a web-based SSO system.

• For server-based aggregators this becomes more challenging since it involves using delegated credentials. The server is requesting access to a URL (which can map to a database transaction or just about any application function) and must be able to provide identity to the system serving the URL (the web server or enterprise application). For that matter, the user may not even be online when the feed URL is fetched.

Security

Where are the risks in the RSS system that can be compromised and how do we mitigate that risk?

Some that come to mind are feed credentials (for external feeds that do not take part in the enterprise SSO system) and maintaining the privacy of a user's feeds. Any part of the feed information may have sensitive information whether it is the URL, feed title, or contents of feed items.

This could mean simply limiting access to an individual's feed to the individual only, but not always. Perhaps we want to provide limited access, possibly based on groups defined in a corporate directory, to feed data. Although searching across multiple feeds is a good thing, it too must honor the privacy of individual feed owners; showing results the searcher only has access to and not showing those feeds that are not allowed.

Integration

How does the RSS system integrate with the company's identity management components? How can the service be managed? Can we monitor its health and availability? How can we back up and restore the system? Finally, can other applications integrate with it using an API, XML/SOAP, or even (are you ready for this?) RSS?

Administration and Service Management

Administering systems is probably the biggest headache for IT departments. The best gift a vendor can provide is the ability to delegate administration to the end-user as much as possible.

Adding users should be a non-event if it integrates with SSO.

Also, can it provide for sharing of feeds? Perhaps a department wants everyone to see the same set of feeds. Can these be bundled, shared, and access controlled by an end-user?

Finally, what type of reporting does the system provide? Are we running out of capacity? Are there feeds that take up room but no one is using?
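The cross-feed search requirement from the Security section, sketched as an added example that is not part of the quoted post or of any product. The directory contents, feed URLs, titles and the `can_read`/`search` helpers are all constructed assumptions.

```python
from dataclasses import dataclass

# Constructed stand-in for a corporate directory lookup (user -> groups).
DIRECTORY = {
    "alice": {"finance"},
    "bob": {"engineering"},
    "carol": {"finance", "managers"},
}

@dataclass(frozen=True)
class Feed:
    url: str
    title: str
    owner: str
    items: tuple
    shared_with: frozenset = frozenset()  # directory groups granted read access

# Constructed sample feeds; URLs and titles are placeholders.
FEEDS = [
    Feed("https://intranet.example/feeds/1", "Payroll exceptions", "alice",
         ("Q3 budget overrun in payroll",)),
    Feed("https://intranet.example/feeds/2", "Finance close", "alice",
         ("Budget freeze starts Monday",), frozenset({"finance"})),
    Feed("https://intranet.example/feeds/3", "Build status", "bob",
         ("Budget for CI runners approved",), frozenset({"engineering", "finance"})),
]

def can_read(feed, user):
    """Owner always reads; anyone else needs a directory group the feed is shared with."""
    groups = DIRECTORY.get(user, set())  # unknown user -> no groups -> denied
    return user == feed.owner or bool(feed.shared_with & groups)

def search(term, user, feeds=FEEDS):
    """Apply the ACL before matching so denied feeds never affect results."""
    term = term.lower()
    hits = []
    for feed in feeds:
        if not can_read(feed, user):
            continue  # URL, title and item text of this feed all stay hidden
        for item in feed.items:
            if term in item.lower() or term in feed.title.lower():
                hits.append((feed.title, item))
    return hits
```

Filtering on the ACL before matching means a denied feed contributes nothing to the result list, including its title and URL, which the post notes can be as sensitive as the item text.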
