by andr 5930 days ago
This is great, I was thinking about making a similar app, but never got around to it.

I'd love a simple ACL for channels. For example, you could do S3-style channel+timestamp+hash authentication, with the hash generated on the server with a secret key. Then for every channel I'd have channel17@r for read-only access, channel17@w for write-only, and channel17 for rw access (default). The way I understand the current system, once I have the key for a channel I have unlimited access to it forever.

2 comments
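The scheme proposed in the comment above, sketched as an added example (not part of the thread and not Pusher's implementation). It assumes the timestamp is an expiry time and that the hash is HMAC-SHA256; the function names and the secret are hypothetical.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-secret"  # constructed value; the real key never leaves the server

# Suffix after '@' -> operations granted; no suffix means rw (the default in the comment).
MODES = {"r": {"read"}, "w": {"write"}, "": {"read", "write"}}


def parse_spec(spec):
    """Split 'channel17@r' into ('channel17', {'read'})."""
    name, sep, mode = spec.partition("@")
    if not name or (sep and mode not in ("r", "w")):
        raise ValueError("bad channel spec: %r" % spec)
    return name, MODES[mode]


def sign(spec, expires, secret=SECRET):
    """Server side: HMAC-SHA256 over the channel spec and the expiry timestamp."""
    msg = ("%s\n%d" % (spec, expires)).encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def authorize(spec, expires, sig, channel, op, now, secret=SECRET):
    """True only if sig is valid, unexpired, and grants op on channel."""
    try:
        name, allowed = parse_spec(spec)
        expected = sign(spec, int(expires), secret)
    except (ValueError, TypeError):
        return False
    # Constant-time comparison so the check does not leak how many characters matched.
    if not hmac.compare_digest(expected.encode(), sig.encode()):
        return False
    if now > int(expires):
        return False  # a leaked token stops working after the expiry time
    return name == channel and op in allowed


if __name__ == "__main__":
    exp = 1_000_000_600  # constructed expiry, 10 minutes after 'now' below
    token = sign("channel17@r", exp)
    for op in ("read", "write"):
        print(op, authorize("channel17@r", exp, token, "channel17", op, now=1_000_000_000))
```

Because the access suffix is part of the signed string, a client holding a read-only token cannot strip `@r` to gain write access without invalidating the signature.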

I am working on something exactly like this, but as an open-source NodeJS project. It lets you define a parameter (by default, session_id) and then checks a memcache instance for that key, and uses that to get access to channels with a specific prefix (by default "user:"), so you can have a channel "user:34343". This shoves authentication back into your app with the only dependency being a memcache instance shared by the NodeJS server and the web server. All of the other communication is similarly RESTful. If you want an email when I've got more to show, let me know.

Glad you think it's cool, we are pretty excited.

Authentication and access control are features which are very important, and we are working on a couple of options for doing it. Something similar to what you have described is the current favourite, though the hashing probably won't be passed through at channel level.

We decided to get the Pusher launched into beta with stuff like this left out so that we could get a gauge for people's general enthusiasm for such a service.

We'll be busy in the next couple of weeks reacting to feedback, so it is great to have these kinds of comments :)