I would like to have feeds which include any private or protected posts for my user.

Therefore I would like to have something like an "auth_key" param with the feed URLs, if you're logged in, which would allow to use the corresponding user when generating the list of feed items.

auth_key might have a format like ${USERID}-${HASH}, where $HASH would get used to verify that it's a valid user ID, e.g. just by hashing the user ID, with a global salt and the user's password.

What do you think?

(I know that you can work around this by sending a valid session cookie; this is what makes Akregator (a feedreader) also fetch protected posts if you're logged into your site with Konqueror (they both use the same cookie store)).