Tuesday, July 28, 2009

Encrypted RSS feeds in Blackberry phones



First of all I want to state I'm not an expert in the field of cryptography, so I apologize in advance if this article is flawed either by misconceptions or technical details.

Many intranet applications, used at the organization level to manage internal information, are nothing more or less than huge spammers. They send us tons of emails every day in an attempt to keep us informed of every management aspect of the organization, including posts in the intranet forums, task assignments and deadlines, status of indicators, additions or changes in important records, etc.

What if we could read all those notifications whenever we want to, using our favorite RSS reader?

I understand issues of certain classes may require immediate attention and will still need to be notified in particular, but for all others it would be nice to receive a single mail every day with a summary of our pending notifications, which we can read using our feed reader of choice.

But the key problem here is privacy. The feeds have to be readable only by the user they are addressed to.

Using custom feed URLs for each user will not keep the feeds private. The URL can be guessed, but even if it is impossible to guess, most users access their feeds via feed aggregators, making both the URL and the feed content available to third-party companies.

Password-protected feeds are of no use either. Most feed reader clients, especially those available on mobile phones, will retrieve the feeds from a third-party company, which in turn polls the feeds from the feed servers. In order to do that, they require us to send them the password, which will be stored and used by their servers. The main reason they stand in the middle is to provide a better service, because the device has only one server to poll, which will deliver the feeds in a compressed format.

Of course we can trust those companies, but you can be sure our boss won't.

The proposed solution



Feed encryption is the way to go, for both the title and the description fields of the feed. This solution has been suggested many times, but I don't see the feature getting implemented in any of the feed readers I tried on my Blackberry.

I think the best way to implement feed encryption is to use RSA public key cryptography. The organization server will deliver a public key to my Blackberry and encrypt all RSS feeds with the corresponding private key before delivery. The client reader software on my phone will automatically decrypt the feeds upon arrival.
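
A sketch of encrypting the title and description fields in Node.js, added here as an example and not code from the original post or from any feed reader. It assumes the key pair is generated on the reader and the server encrypts to the reader's public key (data encrypted with a private key can be recovered by anyone holding the public key), and it wraps a per-item AES-256-GCM key with RSA-OAEP because RSA alone cannot hold fields longer than its modulus; all function names are hypothetical.

```javascript
// Added example (not from the original post). Assumption: the key pair is
// generated on the reader and only the public key is given to the server.
const nodeCrypto = require("node:crypto");

const OAEP = { padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: "sha256" };

// Reader side, done once: the private key never leaves the device.
function generateReaderKeys() {
  return nodeCrypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
}

// AES-256-GCM over one field; output is base64(iv || tag || ciphertext).
function sealField(key, fieldName, text) {
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv("aes-256-gcm", key, iv);
  cipher.setAAD(Buffer.from(fieldName)); // binds the ciphertext to its field
  const body = Buffer.concat([cipher.update(text, "utf8"), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), body]).toString("base64");
}

function openField(key, fieldName, sealed) {
  const raw = Buffer.from(sealed, "base64");
  const decipher = nodeCrypto.createDecipheriv("aes-256-gcm", key, raw.subarray(0, 12));
  decipher.setAAD(Buffer.from(fieldName));
  decipher.setAuthTag(raw.subarray(12, 28));
  // final() throws if the field was modified or swapped in transit.
  return Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]).toString("utf8");
}

// Server side: fresh AES key per item, wrapped with the reader's public key.
function encryptItem(readerPublicKey, item) {
  const key = nodeCrypto.randomBytes(32);
  return {
    wrappedKey: nodeCrypto.publicEncrypt({ key: readerPublicKey, ...OAEP }, key).toString("base64"),
    title: sealField(key, "title", item.title),
    description: sealField(key, "description", item.description),
  };
}

// Reader side: unwrap the AES key with the private key, then open both fields.
function decryptItem(readerPrivateKey, enc) {
  const key = nodeCrypto.privateDecrypt(
    { key: readerPrivateKey, ...OAEP }, Buffer.from(enc.wrappedKey, "base64"));
  return {
    title: openField(key, "title", enc.title),
    description: openField(key, "description", enc.description),
  };
}
```

An aggregator that relays the item sees only the wrapped key and the two sealed fields; the feed's other elements stay in the clear and would need the same treatment if they carry sensitive data.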

In order to get the whole thing working, mobile reader software developers must first implement the required client functionality. Once the feature becomes available, I'm sure many organizations will allow, and even encourage, the use of the RSS channel as an alternative to automated emails, and of course develop the required server modules.