Not sure the format here, so I'll do my best to add some clarifications for things I think need to be addressed:
1. Honoring HTTP cache control headers should be a requirement for any implementation that supports caching of HTTP requests. Not doing this creates a situation where developers will have to handle caching completely differently from one container to the next. Cache control header handling is laid out in the HTTP 1.1 spec, and I believe we should, at minimum, require that Cache-Control, Expires, and Pragma: no-cache be supported if the server supports caching. ETags and Last-Modified can be considered, but they're impractical for most systems, so probably not worth addressing.
1.iii.a Requiring a specific parameter being passed to the iframe makes no sense here. This is an implementation detail, and not a terribly flexible one at that. It can't possibly apply when the gadget isn't rendered in an iframe, and there is no way for developers to get at the iframes without losing the context of the containing site.
2.i In the interest of portability, the extended schema should be removed entirely, and several of the attributes should be moved to the canonical spec. Tolerating unknown attributes and tags should be a requirement, so as to allow for extension when needed. Saying that a gadget XML "MUST" conform to the extended spec doesn't really mean anything here. Remove references to igoogle.
3.i We must identify the format of the lang and country attributes here. What are the valid values for country? What are the valid values for lang? Add them or reference them. How are languages with no country resolved? If this is the same as it was for igoogle, please state that here by copying the text if necessary, but don't reference igoogle docs either.
3.ii.2 Need a reference to message bundle processing and substitution instructions
4. Must specify escaping rules and substitution order. Is __MSG_foo__ substituted before __UP_foo__ or after it? If __MSG_foo__ contains the string __UP_foo_, how should it be interpreted? User pref hangman substitutions should be marked deprecated, I think, since they're very dangerous. Require escaping of user pref substitutions since there is no programmatic way to do it, and it will lead to XSS exploits if not done.
5.ii This prose can be removed for the most part since gadgets.util.* is a mandatory library. Documentation for this function belongs in the JS API reference.
5.iii Additionally, there needs to be a concrete explanation of what support means for all features currently standardized under opensocial. These can be separate specification documents entirely, but without them implementation is ambiguous. JS API details are not specific enough, because they don't explain related behavior.
6.i.a Wasn't there an agreement about how quirks would be handled?
6.i Most of this is implementation detail. Implementation detail doesn't belong here.
6.ii What "provided url"? This implies some concrete implementation, such as an iframe. If an iframe is required, the spec needs to say so.
6.ii.b What format are lang and country in? The same as the servers? Are these an exact match for what is in the gadget xml's <Locale>s?
6.ii.c What does "the server" mean here? The parent page? How does the gadget developer's site know what this url is?
Section 6 also does too much hand waving about type=url, which is misleading and gives the wrong impression about how it can be used. Is it required that the libs parameter point to opensocial js if the gadget requires it? Since there's no actual, proven way to make it work, how can we say "MUST"? Ideally, each feature document should identify whether or not it is required to work with type=url.
"Gadget Metadata Request" (no number): This should be removed entirely. It's a vague concept at best, and anything implementing it would be a complete implementation detail. What happens if my implementation doesn't support this "Metadata Request"? What would it even mean to support it in the first place?
"Context (Container side Javascript)": This should also be removed. It's vague and says nothing relevant, so it just serves to confuse. dynamic-height has a contract, and it shouldn't matter at all what means the container uses to satisfy that contract if it supports that feature. When a gadget calls gadgets.window.setHeight, either the container adjusts the height or it does not -- period.
"Sanitized Content...": This should be a footnote, not a part of the spec itself. It's too vague and, again, tells developers and implementors nothing.
There is an enormous gap in this document, in that it does NOT explain, at any level, what the various tags and attributes in the XSD files represent. For instance:
- What does <UserPref name="foo" default_value="bar"> mean? It isn't mentioned.
- The XSD has an enumeration for the "datatype" field of <UserPref> What do these enumerated values mean?
- What does <ModulePrefs title="Yay title!!!"/> do? What does "title" represent here? Same for all other attributes.
Many more examples, too numerous to iterate. Not having details here has led to confusion amongst implementations, and today what is true on MySpace is not necessarily true on Orkut or hi5 or any other site.