1 message in com.googlegroups.opensocial-containerRe: [OpenSocial] OpenSocial Container...| From | Sent On | Attachments |
|---|---|---|
| Daniel Feygin | 28 Nov 2007 11:29 |
| Subject: | Re: [OpenSocial] OpenSocial Container Update |
|---|---|
| From: | Daniel Feygin (dani...@gmail.com) |
| Date: | 11/28/2007 11:29:04 AM |
| List: | com.googlegroups.opensocial-container |
On Nov 28, 2007 7:52 PM, Kevin Marks (Google) <kevi...@gmail.com> wrote:
User Navigation and Privacy
Add to that container authentication via JavaScript API. Apps will invariably use container-supplied user ID to identify and authenticate users. A malicious container can be created with the sole purpose of hijacking the user's identity in that application. I found no mechanism for the application to establish trust with container it is running in. Did I miss it?
Open Source
The initial server languages under discussion are Java and PHP, with others being considered by other containers. Shindig proposal: http://markmail.org/message/yzkaf33e4v3ajfwx
+1 on Java, though I'm sure PHP folks probably need the help more. :)
Application directory and installation spread
Another area of active discussion is how to share Application Directories between containers, and how Applications can gather users. To some extent the policy for Application installation is dependent on each container's policy, but standard RequestApplicationInstall() API methods could be provided, and the container could decide how it prompts the user.
+googol on all these points. For me it is important that RequestApplicationInstall() be able to refer to an arbitrary app, rather than just the one making the call. Shouldn't be a problem with a universal/shared directory service, though parameter can also just be a gadget manifest URL. It would then be up to container policy to dictate proper course of action, probably driven by white/blacklisting status and outcome of a user conversation.
-Daniel