Karl Dubost points out that it is hard to figure out what email address to send messages to if you want to "de-list" from PubSub...: Karl, Please, accept my apologies for this. I could have sworn we had the policy prominently displayed on the site. I know we used to have it there. This must have been lost when we did a site redesign last November! I'm really surprised that it has taken this long to notice that it is gone. I'll see that we get it back up.
> You see educating users is not obvious it seems ;) No offense, it > just shows that it is not an easy accessible information. And > there's a need to educate Services too. Point taken. I'll get it fixed. It's a weekend now. Give me a few days... I'm not sure, but I think it makes sense to put this on the "add-feed" page at: http://www.pubsub.com/add_feed.php . Do you agree? > Scenario: > I take the freedom to add his feed URL to the service and/or to ping > the service because I want to know when this guy talk about me the > next time. Well the problem is that this guy doesn't want to be indexed > by these services. How does he block the service? Yes, forged pings or unauthorized third-party pings are a real issue. Unfortunately, the current design of the pinging system gives us absolutely no means to determine if a ping is authorized by the publisher. This is one of many, many issues that I hope that this Working Group will be willing to take up once it gets the protocol worked out and has time to think about these issues. I argued last year that we should develop a blogging or syndication architecture document in much the same way that the TAG documented the web architecture and in the way that most decent standards groups usually produce some sort of reference architecture document. There are many pieces of the syndication infrastructure that are being ignored or otherwise not being given enough attention. Pinging is one of them. Some solutions, like requiring that pings be "signed" would work from a technical point of view, but are probably not practical except in some limited cases. (e.g. Signatures may make sense as a way to enable "Fat Pings" from small or personal blog sites. In that case, the benefit of the "Fat Ping" might override the cost and complexity of generating the signature.) Some have also proposed the equivalent of a "do-not-call" list that folk could register with. We might also set up something like FeedMesh where service providers shared updates concerning which bloggers had asked to be filtered out. (That means you would only have to notify one service to get pulled from them all -- a real benefit to users.) Or, we could define extensions to Atom to express these things... There are many options. Today, we do the best we can with what we have. Hopefully, we'll all maintain enough interest in these issues to continue the process of working them out. bob wyman