It's all spinning wheels and self-doubt until the first pot of coffee.

Blog posting delegation and third-party auth

Here's something I've been meaning to post about, brought back to mind from Kim Cameron's post on "Wrong-headed impersonation":

I wish that blog posting interfaces (ie. MetaWeblog API and Atom Publishing Protocol) offered a way to delegate blog posting to a 3rd party app (desktop or web) in such a way as to avoid providing one's login details (i.e. user name and password). For instance, consider both Flickr's and Upcoming's 3rd party token-based authentication / authorization schemes.

In particular, I'm looking at things like del.icio.us' own Daily Blog Post and others. These can be used to auto-post content to one's blog generated elsewhere - but at the price of sharing login details. Granted, you can mostly trust these 3rd parties not to do anything nasty with your credentials, but it would be nice not to have to.

I figure that something RESTful like extending HTTP authentication (ala Atom Authentication) with a token scheme could be interesting, and possibly fit nicely into APP itself. It could probably be retrofit into the MetaWeblog API by specifying a per-app user name and password. I can imagine a WordPress admin plugin that issues approved authentication tokens to restrict the categories and other activities allowed by 3rd party apps.

Just something I'm thinking about, as more services may or may not grow into delegated blog posting.

Archived Comments

  • Wouldn't openID be a better candidate for this?

  • Not really, unless I don't entirely understand OpenID.

    OpenID offers way to authenticate yourself. However, what I want is an easy way to delegate your access to 3rd party apps, without those apps being able to authenticate as you or performs actions outside of the permissions you approve. I don't really want Flickr Uploader, Ecto, MarsEdit to be able to use OpenID to login as me with carte blanche.

    With a token-based system like Flickr has, I can approve delegation to various apps and revoke their access at any time - without ever releasing my login details.

  • At first I had this great idea to build a blog posting proxy service that could grant access to your blog to different services by giving them different usernames and passwords and you could revoke them at any time and it would be great and everyone would be posting to everyone's blog all the time.

    Then I realized I had put on complicator gloves and that it would be way easier to just add new users to my blog without a proxy service.

  • Yeah, I figured making multiple accounts is a way to go when you've got your own install of something like WordPress. It kind of gets stymied, though, if you want the same thing for a hosted service like WordPress.com, Vox, TypePad, or LiveJournal where one account = one blog.

  • It seems to me that the ideal solution to this is to have your blog pull new posts from an RSS/Atom feed that's hosted by the service that is generating your content. Feedburner already has a half-assed implementation of this where they'll pull your delicious bookmarks and flickr photos into your burned feed.

  • @ian: Hmm, yeah, that probably does end up being the least onerous solution - just offer an aggregated feed of one's output. I do like the idea of auto-posting to a blog, though, for the sake of something sorta like daily backups to a system I control.

  • @l.m.orchard: you don't need to just aggregate you can also import posts into your own store. We could come up with a cleverly confusing buzzword acronym like Atom Pull Publishing. You just periodically poll a feed and import the items. Actually, this is kind of what Google Reader is doing. They've even got a namespace in their atom for expressing the original id and the source feed. Perhaps I should write a drupal module.

  • @ian: Hmm, yeah, that does sound like the least complicated way to get outside content pulled into a blog without releasing the blog's login details. I know I've seen / used some WordPress plugins that do basically that, though I've not been happy with any of them yet. I should re-look into why that's been the case

  • @l.m.orchard: in my experience the problems are with the formatting of the content (do blank lines turn into paragraphs, etc) and fragile post IDs (the upgraded wordpress and spammed all my friends on livejournal or planet problem). I'm not sure how to fix either of these problems but I think they're both problems Atom is attempting to solve...