RSS Authentication

Jeff Beard posted a graph that shows how the vast majority of hits to his website are courtesy of his RSS feed. While I don’t disagree with Jeff — that RSS feeds make it far easier to distribute your content, and increase the likelihood that your content will get read, let’s not get carried away. My news reader (NewzCrawler) polls my subscriptions every half hour — which means that on an average day I’ll account for at least 20 “hits” to Jeff’s RSS feed. Does that mean I’m reading Jeff’s site 20 times per day? Definitely not (though it is good!).

What it means is that my aggregator is shifting the content to me, and I get to browse content that’s interesting to me when I’m free to do so.

Most statistics programs today don’t have the facility to uniquely identify RSS subscribers, which means it’s nearly impossible to measure the true impact of RSS feeds on your readership. This raises an issue I’ve been thinking about for a while: if I wanted to provide a secure RSS feed (i.e., password-protected), how would you go about doing it?

Seems to me that the various aggregator vendors are going to need to support a standard for authentication in RSS feeds. I’m not the only one who’s thought about this — see this thread from August as one example. (Note: Userland’s suggestion that you pass the username and password through the URL string is flawed for a number of reasons, not least of which that URLs are sent cleartext and can easily be compromised.)

Bottom line — aggregators and web servers will need to be able to pass authentication information back and forth so that individual subscribers can subscribe to private RSS feeds. This would vastly improve RSS as a content delivery vehicle, and would also answer Jeff’s question above about how many people are subscribing to his site.

The real power of such a paradigm is for value-added feeds: you might get excerpts for free but have to pay for full content. Or people like Esther Dyson could publish her Release 1.0 (subscription cost: $795/year) to subscribers via RSS; only those who have valid ID could get the feed.

Update, 2006: For those finding this post via a search engine (which, according to my logs, is a number of you… for the past 18 months I’ve worked for FeedBurner, in part because of what I recognized back in 2003: RSS is an extraordinarily powerful mechanism for publishers to deliver content. I realized then that measuring RSS would be critical, and right around the same time a group of smart guys were starting a business to address that need: FeedBurner was born, and I joined in early 2005 to help build out the business. If you’re a publisher looking for help understanding how to make RSS a part of your content strategy, drop us a line.

3 responses to “RSS Authentication”

  1. Measuring Blog VisitorsethicalEsq complains about what he believes may be inflated or meaningless blog traffic statistics. Web site traffic is notoriously difficult to measure, and RSS feeds aggravate the problem. The key point here is that not everything useful can be quant…

  2. Measuring Blog VisitorsethicalEsq complains about what he believes may be inflated or meaningless blog traffic statistics. Web site traffic is notoriously difficult to measure, and RSS feeds aggravate the problem (& comments here). The key point here is that not everything u…

  3. Measuring Blog VisitorsethicalEsq complains about what he believes may be inflated or meaningless blog traffic statistics. Web site traffic is notoriously difficult to measure, and RSS feeds aggravate the problem (& comments here). The key point here is that not everything u…

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.