The API as it currently stands seems to be missing user to application authentication. This means that any user can forge any other user's identity in any app that has a backend.
I've written an article about it, including a proposed solution: http://hyper.to/blog/link/opensocial-insecurity-no-user-to-app-authentication/ Feedback is appreciated.
