Slowly piecing together this thing.... Took a long-time just to figure out that they are iframes, there is no overview which shows how the pieces play together. While opensocial.ning.com doesn't work..... I guess with the architure not complete it's hard but surely someeone in google has the overall idea.
Can't stand the public speaking hype voice used by all these ppl on the campfire video..... Show me real ppl talking english rather then non-technical spin in American advert voice mode. I get enough infomercials on TV. I don't wanna hear how easy it is, or how it takes 5mins, I need to know how it works. I almost fell off my chair when MySpace CTO said they were always on the bleeding edge of providing ways for developers to customise their site.......... Um they sued all the ppl providing those services.... and since when is lightbluetext8, whitetext12, let alone ".text DIV TABLE TR TD TABLE TR TD TABLE TR TD FONT" good CSS layout for customisation. It's just funny hearing that come from a site written in ColdFusion that crashes and has data corrupted about 5000 times a day. Cheapen the whole thing. So this is what I can figure out so far..... [b]OpenSocial Server[/b] - No libraries available, spec not official yet, protocol that speaks gData over AtomPub/RSS/Atom [b]OpenSocial Client[/b] - Javascript library which exposes OpenSocial API for communication with OpenSocial backend providers (myspace, facebook etc). [b]Google Gadget API[/b] - Required to implement Google Gadgets on your site. No library to translate Google Gadgets into HTML/Javascript with hooks for backend that I can see....... Does this have to be custom implemented by anyone wishing to support OpenSocial on their social network site? This API also includes integrated javascript libraries, does the social site provider also need to impletement these in their own way? [b]gData[/b] - Extension of ATOM for some reason...... Needs to be implemented by the backend so it can talk OpenSocial...... Think using gData might be a mistake, already the CakePHP developers are skipping writting a wrapper for it as it's not an open standard..... 90% of this is pretty open, cept for the parts that lock u into googles way of working, this could be a big mistake if the market doesn't accept it. From my POV it feels like you're trying to take over major parts of my backend with proprietry stuff by stealth via open stuff, which leaves me nervious that you may someday take away or change these parts. Can understand Google wanting to work with these formats internally, and understand it is a legit extension of Atom, however that doesn't mean you'll get code written for it by neo-fanboy types. Sooooooooo....... User=The end-user Provider=facebook,myspace etc Author=Gadget developer/author. 1. User gives Provider a URL to Google Gadget API XML file. 2. Provider parses Google Gadget and generates an iframe using innerHTML from the content of the google gadget. Does this iframe load from Authors domain or is it inline straight from the gadget contents into the iframe innerHTML? Where are the XSS issues in this? 3. Gadgets Javascript queries Provider via OpenSocial for friends list etc. Provider has their API exposed in OpenSocial REST/AtomPub format (not completed/fully released). Which leaves me with questions........ What is the context that the javascript runs in? Which domain (author/ provider)? How is it included? When/how is it checked for exploits? Are most functions not available except for specially provided Javascript functions as part of Google Gadgets API? When integrating OpenSocial support on a social site which are the minimum technologies? Does the developer need to implement Google Gadget API including it's Javascript libs? The opensocial part is easy enough and will be easier with some helper libraries. The gadget markup iframe stuff seems like a bit of a job. Does each social site provider need to implement their own security filters to check for rogue javascript? Will it become easier to implement Google Gadget API? Currently it seems like a matter of coding the whole thing from scratch rather then just hooking backend into existing gadget->iframe parsers. -Ben --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OpenSocial Developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/opensocial-api?hl=en -~----------~----~----~----~------~----~------~--~---
