Re: Separation of Gadgets and OpenSocial (Option 2)
1 view
Skip to first unread message
llia...@google.com
unread,
Nov 2, 2009, 6:03:07 PM11/2/09
Reply to author
Sign in to reply to author
Forward
Sign in to forward
Delete
You do not have permission to delete messages in this group
Copy link
Report message
Show original message
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to jon.we...@gmail.com, opensocial-an...@googlegroups.com
In general, I'm not sure all of these changes are predicated on the
social vs. plain ol' gadgets distinction. For example, information
about the owner and viewer may be useful even in a non-social
environment.
http://codereview.appspot.com/144071/diff/1/2#oldcode574 Line 574: <t>sign_owner: gadgets.io.RequestParameters.SIGN_OWNER
(default 'true')</t>
I'm not convinced it makes sense to remove these. Regardless of being
"social", a container make know (and care) about the identity viewing a
gadget and the identity that "owns" the page a gadget is being rendered
on
http://codereview.appspot.com/144071/diff/1/2#oldcode841 Line 841: <t hangText="opensocial_app_url">Required. The URL of the
application
Some identifier for the app must be included in the signature.
Otherwise, if the Foo gadget sent a request to the Bar gadget's backend,
there would be no way for Bar's backend to tell if the request came from
the Foo gadget or the Bar gadget (n.b. in the case of public key
signing).
Put another way, oauth signatures let the server verify that request
came from the container, but don't account for the fact that multiple
app are running on thta container.
http://codereview.appspot.com/144071/diff/1/2#oldcode845 Line 845: <t hangText="opensocial_instance_id">Optional. An opaque
identifier
I don't think we can remove this either. A container allowing multiple
instances of a gadget is different for it being "social"
http://codereview.appspot.com/144071/diff/1/2#newcode864 Line 864:
https://[container-hostname]/[application-name]/certificates/xoauth_public_keyvalue
I think we can drop the [application-name]. i.e.
https://[container-hostname]/certificates/xoauth_public_keyvalue
http://codereview.appspot.com/144071/diff/1/3#newcode512 Line 512: <section title="Public Key Location">
I think we can just use
https://[container-hostname]/certificates/xoauth_public_keyvalue and not
include this section in the opensocial spec.
http://codereview.appspot.com/144071/diff/1/3#newcode517 Line 517: <section title="gadgets.views.ViewType"
I think these should remain in the gadgets spec. Views are related to
how a gadget is rendered, not whether it is social or not.
Also, this spec does not require all containers to support all views
(hence the getSupportedViews method).