One of the most often asked for features for the Blog@Case system is to provide access control to individual blog entries or, even, an entire weblog i.e. put passwords on them. Right now, there is no way to do this. And, even in providing this functionality, it begs the question "is this something we even want" or "are we using the wrong tool for the job here?"
There are three ways to "protect" a blog or an entry. The first and most simple way is the methodology used in Password Protect Entries and other similar plugins. That is, for an entry you want to protect, you create a password for it. Anyone seeking to view the entry is prompted to input the password to view it. I would assume, then, you would email the password out to those individuals you would want to be able to read the entry.
This begs the question, why not just send the contents of the entry in the email?
The second way to provide access control is to integrate weblog entries with LDAP authentication and authorization. In this scenario, users could, when creating entries, provide a list of those Case users whom he or she would like to be able to access the entry.
This scenario fails brilliantly if you want someone lacking a Case account to be able to access your entry. Without Federated Identity implementations hitting critical mass, there is no good solution to this problem other than just combining it with another system.
The final way (that I can think of) is to be able to create local "blog" accounts. So, if you have http://blog.case.edu/foo, you could create local accounts. Bill would get the account
bill with a password of "mario". Mary would get the account
mary with the password "zelda". Jen would get the account
jen with the password "samus".
First of all, the tools to support this final solution would take considerable coding. Not to mention that, now, every blog owner is running, troubleshooting, and operating his or her own little account management system. Creating new accounts. Resetting passwords. Having accounts get hacked. Running into confusion from other users trying to access the protected contents. Headaches. Headaches. Headaches.
And, all of this, all of it is ignoring the problems introduced into the blog's syndicated feeds. I guess one would just omit them from the feeds. But, a weblog without syndicated feeds... that's like a ballpark stadium hot dog without spicy brown mustard (or another equally absurd metaphor which describes an item lacking an essential accessory which effectively removes the greatest piece of its functionality).
It all feels to me that a tool is being used incorrectly like sending sensitive and confidential data over email. You can do it, but it isn't the optimum solution and can lead to a false sense of usefulness.
I am going to have to mull it over some more. There may be an elegant solution to this which is in my blind spot. Furthermore, I would rather implement something and have my reservations proven wrong by widespread effective use of it. But, my initial take is that it is a case of misconstruing a tool to solve a problem that would be better suited with another tool.