same problem here, how do we make sure that the person viewing is an authenticated owner or has just swapped values in JS.. Its really important for developers to set permissions regarding usage of gadget.. Also it would be helpfull if we can get some information from the cookie like login status, user id etc..Thanks ~@@[EMAIL PROTECTED] http://aakash-bapna.blogspot.com
> Date: Tue, 4 Dec 2007 16:37:46 -0800> Subject: [OpenSocial] Suggestion for > OAuth-signed "phone home" requests> From: [EMAIL PROTECTED]> To: > [email protected]> > > This may or may not be obvious, but I > would like to make a request> regarding the data that will get signed into > _IG_Fretch_Content()> requests originating from OpenSocial containers.> > I > think the primary thing that Service Provider apps will want to> validate is > the viewer/owner relationship. To that end, it would be> really handy to make > every _IG_Fretch_Content() request contain a> signed:> * gadget owner ID> * > gadget viewer ID> * owner/viewer relationship (i.e. "friends" or "public") > with> respect to the container> > If this info can be made non-spoofable, > Service Providers can reliably> apply privacy settings, not to mention allow > the gadget owner to set> privacy settings from within the container.> > > Thanks for your consideration, and all your hard work.> > - nate> > > _________________________________________________________________ Share life as it happens with the new Windows Live.Download today it's FREE! http://www.windowslive.com/share.html?ocid=TXT_TAGLM_Wave2_sharelife_112007 --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OpenSocial API Definition" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/opensocial-api?hl=en -~----------~----~----~----~------~----~------~--~---
