Re: Separation of Gadgets and OpenSocial (Option 2)


llia...@google.com

Nov 2, 2009, 6:03:07 PM
to jon.we...@gmail.com, opensocial-an...@googlegroups.com
In general, I'm not sure all of these changes are predicated on the
social vs. plain ol' gadgets distinction. For example, information
about the owner and viewer may be useful even in a non-social
environment.


http://codereview.appspot.com/144071/diff/1/2
File draft/Gadgets-API-Specification.xml (left):

http://codereview.appspot.com/144071/diff/1/2#oldcode574
Line 574: <t>sign_owner: gadgets.io.RequestParameters.SIGN_OWNER
(default 'true')</t>
I'm not convinced it makes sense to remove these. Regardless of being
"social", a container may know (and care) about the identity viewing a
gadget and the identity that "owns" the page a gadget is being rendered
on.

http://codereview.appspot.com/144071/diff/1/2#oldcode841
Line 841: <t hangText="opensocial_app_url">Required. The URL of the
application
Some identifier for the app must be included in the signature.
Otherwise, if the Foo gadget sent a request to the Bar gadget's backend,
there would be no way for Bar's backend to tell if the request came from
the Foo gadget or the Bar gadget (n.b. in the case of public key
signing).

Put another way, OAuth signatures let the server verify that a request
came from the container, but don't account for the fact that multiple
apps are running on that container.

http://codereview.appspot.com/144071/diff/1/2#oldcode845
Line 845: <t hangText="opensocial_instance_id">Optional. An opaque
identifier
I don't think we can remove this either. A container allowing multiple
instances of a gadget is different from it being "social".

http://codereview.appspot.com/144071/diff/1/2
File draft/Gadgets-API-Specification.xml (right):

http://codereview.appspot.com/144071/diff/1/2#newcode71
Line 71: capabilities like a rich set of social APIs.</t>
"Applications like OpenSocial" confuses me. I think we can do without
this last sentence.

http://codereview.appspot.com/144071/diff/1/2#newcode838
Line 838: <t>Adding application specific parameters to the request query
Change the colon ":" at the end to a period "."

http://codereview.appspot.com/144071/diff/1/2#newcode864
Line 864:
https://[container-hostname]/[application-name]/certificates/xoauth_public_keyvalue
I think we can drop the [application-name]. i.e.
https://[container-hostname]/certificates/xoauth_public_keyvalue

http://codereview.appspot.com/144071/diff/1/3
File draft/OpenSocial-Specification.xml (right):

http://codereview.appspot.com/144071/diff/1/3#newcode512
Line 512: <section title="Public Key Location">
I think we can just use
https://[container-hostname]/certificates/xoauth_public_keyvalue and not
include this section in the opensocial spec.

http://codereview.appspot.com/144071/diff/1/3#newcode517
Line 517: <section title="gadgets.views.ViewType"
I think these should remain in the gadgets spec. Views are related to
how a gadget is rendered, not whether it is social or not.

Also, this spec does not require all containers to support all views
(hence the getSupportedViews method).

http://codereview.appspot.com/144071
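
The opensocial_app_url comment above, as an added example that is not part of the original message or of the spec: a container signs requests from two gadgets with one RSA key, and the receiving backend can tell them apart only through the signed app URL. The key pair, hosts, gadget URLs and function names are constructed for illustration, and the OAuth parameter set is reduced to what the point needs.

```javascript
// Added example. Keys, hosts and gadget URLs are constructed; nonce and timestamp
// replay checks, which a real backend also needs, are left out.
const crypto = require('node:crypto');

// One key pair for the whole container: every gadget's requests are signed with it.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const FOO_APP_URL = 'https://foo.example/gadget.xml';
const BAR_APP_URL = 'https://bar.example/gadget.xml';
const BAR_ENDPOINT = 'https://api.bar.example/data';

// RFC 3986 percent-encoding as OAuth 1.0 requires.
const enc = (s) => encodeURIComponent(s).replace(/[!'()*]/g,
  (c) => '%' + c.charCodeAt(0).toString(16).toUpperCase());

// OAuth 1.0 signature base string: METHOD & URL & sorted, encoded parameters.
function baseString(method, url, params) {
  const pairs = Object.entries(params)
    .filter(([k]) => k !== 'oauth_signature')
    .map(([k, v]) => [enc(k), enc(v)])
    .sort(([a, x], [b, y]) => (a === b ? (x < y ? -1 : x > y ? 1 : 0) : a < b ? -1 : 1))
    .map(([k, v]) => `${k}=${v}`)
    .join('&');
  return [method.toUpperCase(), enc(url), enc(pairs)].join('&');
}

// Container side: it, not the gadget, sets opensocial_app_url before signing.
function containerSign(appUrl, viewerId) {
  const params = {
    oauth_signature_method: 'RSA-SHA1',
    oauth_timestamp: '1257199387',
    oauth_nonce: crypto.randomBytes(8).toString('hex'),
    opensocial_viewer_id: viewerId,
    opensocial_app_url: appUrl,
  };
  const data = Buffer.from(baseString('GET', BAR_ENDPOINT, params));
  params.oauth_signature = crypto.sign('sha1', data, privateKey).toString('base64');
  return params;
}

// Bar's backend: a valid container signature alone does not say which gadget sent it.
function barAccepts(params, checkApp) {
  const data = Buffer.from(baseString('GET', BAR_ENDPOINT, params));
  const sig = Buffer.from(params.oauth_signature, 'base64');
  if (!crypto.verify('sha1', data, publicKey, sig)) return false;
  return !checkApp || params.opensocial_app_url === BAR_APP_URL;
}
```

With checkApp set to false the backend accepts a request the container signed for the Foo gadget; with it set to true that request is rejected, and rewriting opensocial_app_url after signing invalidates the signature.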