WorkLight™ Secure RSS Reader

WorkLight™ Secure RSS Reader is a web-based gadget for receiving and viewing RSS feeds. The Reader is shown in the following figure:

WorkLight™ Secure RSS Reader
Figure 1: WorkLight™ Secure RSS Reader

Common feeds are popular news or blog feeds. In the near future, organizations will provide secure feeds to information workers. Secure feeds contain protected information, such as personal details or corporate enterprise data that require reader authorization.

To learn more about secure RSS, click here.

Getting WorkLight Reader

To access the gadget, click on the appropriate link below:

  • Add WorkLight Secure RSS Reader to your Google personalized home page
  • Add WorkLight Secure RSS Reader to your MSN Live home page
  • Coming soon
  • Add WorkLight Secure RSS Reader to your NetVibes home page
  • Coming soon
  • Add WorkLight Secure RSS Reader to your Vista desktop
  • Coming soon
  • Add WorkLight Secure RSS Reader to your Mac OS X dashboard
  • Coming soon

What Is Not Secure about RSS?

RSS (Really Simple Syndication) was designed as an easy way to syndicate and deliver information, like news and blog feeds. Part of this simplicity assumes the information to be retrieved and disseminated is publicly-available and unprotected. As such, the RSS specification incorporates no security mechanism whatsoever.

RSS has become universally accepted as THE way to deliver news and updates. Because of its universal adoption, people now realize that RSS can be being used to deliver additional types of information that were originally not considered in the RSS specifications. And this is where it gets tricky…

As organizations begin to recognize the power of RSS, it makes sense for them to leverage the technology to deliver corporate data to employees and consumers, like information from enterprise applications and databases. However, since these data sources are protected and subject to multiple layers of security, it is not possible to simply build data feeds for public consumption. This data must be protected with the same level of security currently provided by the corporate applications. This is where WorkLight comes in…

WorkLight Reader – How Does It Work?

WorkLight reader can receive and display any public RSS feed without any need for additional tools or infrastructure. You view the feeds just like you would through any conventional RSS reader or aggregator. But, for the first time ever, WorkLight RSS Reader also allows you to view secure RSS feeds.

In order to receive secure RSS feeds, WorkLight Reader operates in conjunction with WorkLight, a server-based product from Serendipity Technologies. This server extracts information from corporate data sources and securely serves it to authorized subscribers using RSS. Data delivered is assured to conform to existing corporate security and access policies.

To demonstrate how this works, below you will find several sample secure RSS feeds. These feeds are generated by a WorkLight server on the Internet that extracts real data from an enterprise database application and delivers them using RSS. By logging in as different users, you will see how application data would be viewed by different employees who use the same application.

Aren't Regular RSS Readers Secure?

Most RSS vulnerabilities arise from the fact that RSS was intended to be used to syndicate and deliver public data. As such, little attention was given to securing the different facets of data retrieval, delivery, and presentation. Here are just a few of the potential threats posed by conventional implementations of RSS:

  • Most web-based RSS aggregators do not support encryption or HTTP (basic) authentication.
  • Web-based RSS aggregators cache user credentials (i.e. username and password) on the user's computer, which creates a risk of being high-jacked by malicious code.
  • Web-based RSS aggregators cache feed data on their servers. There is absolutely no control as of how long this data is cached, how securely it is kept on those servers, and who can access it.

These shortcomings and many more are addressed by WorkLight Reader.

What Security Is Provided by WorkLight Reader?

There are multiple layers of security built into WorkLight Reader and its supporting server architecture. The Reader supports the following key functionality:

  • Multiple means of authentication are supported, including basic HTTP and form-based authentication.
  • Encryption of all data using SSL
  • The creation of a secure channel with the WorkLight server, so that sensitive corporate data never pass through the home page provider (e.g. Google) and are never cached on their servers.
  • Protection from a variety of potential attacks, such as cross-site or cross-gadget scripting

How Do I Use WorkLight Reader?

To use the WorkLight Reader, follow the steps below:

To view news and blog RSS feeds:

  1. Add the WorkLight Reader gadget to your user environment, by clicking on the appropriate link in the "Getting the WorkLight Reader" section.
  2. Once the gadget is visible and active, click "Edit" and then add your favorite RSS feeds, just like you do with other RSS readers.

To view secure RSS feeds:

To access secure feeds, you would add them using the same method as described in the previous steps. The gadget would take care of the necessary authentication and encryption imposed by the data source.

Since there are not yet any secure RSS implementations, we recommend you try some of the sample secure RSS feeds that are provided below. These feeds represent real data from an enterprise database application; in this case, the data represent sales opportunities for two different mortgage brokers. By logging in as different users, you will see how application data is viewed by different application users.

To access the secure RSS feeds, add the following demo feeds to your WorkLight gadget. To do so, proceed according to the following steps:

  1. On the gadget, enter the Google settings (click the pull down menu on the upper right-hand corner and select "Edit")
  2. Copy the following feed URLinto one of the feed fields on the screen: https://gadget.myworklight.com/WorkLight/feed/MyOpportunities
  3. Click Save
  4. When the feed loads, you will be asked for authentication credentials. Enter the user name Amanda and password Amanda.
  5. If you are using Firefox, close the browser's window.
  6. Open a new browser window. Do this by re-invoking the browser from the Start menu. Do not open another tab within the same browser instance, and do not open a new window by selecting File->New Window. Now, access the gadget in your Google homepage, and repeat Steps A through C.
  7. When the feed loads, you will be asked for authentication credentials. This time enter the user name James and password James. Note that feed items viewed by James are different than those viewed by Amanda.

What's Next?

This is just the beginning of the a revolution in which information workers and consumers will be able to securely access personal and sensitive information, using a variety of new Web 2.0 interfaces. Some of these interfaces include gadgets (like the WorkLight Reader), application mashups, and instant messaging. You will also be able to share these types of information securely using tags and relational bookmarking.

What makes this revolution possible is the WorkLight server, which will open up a new world of secure information access. The WorkLight server has been just unveiled at the DEMO 2007 conference on January 31st – stay tuned for more details.

We are actively seeking feedback on the operation and usefulness of the WorkLight Reader. To send suggestions or comments, email us at: product@myworklight.com.

Getting Help

Click here to get help on WorkLight™ Secure RSS Reader.