Hi guys just a small comment.
Encryption in the Security Token is used for privacy, and the Signature is used for consistency (aka, no spoofing) besides that detail, what chris explained is cool. my 2 cent ropu On Tue, Nov 4, 2008 at 8:47 PM, Chris Chabot <[EMAIL PROTECTED]> wrote: > The token is something that is generated by the container (the social > network site), and is digested by shindig and it contains the: > - owner id > - viewer id > - app id > - module id > - gadget url > - container name > > Javascript has nothing to do with this, except that it passes the binary > encrypted blob along from it's iframe url value (the container put it > there), to the social back-end calls it makes (aka shindig). > > The reason it needs to be encrypted is because it provides the security > that the owner == the actual owner and the viewer == the actual viewer, > without the protection from encryption you could fake your own token and > pretend to be anyone... which is bad :) > > Now the confusion probably comes from the fact that the -static demo > container- uses a fake, plain text, demo token .. in the format of > "owner:viewer:etc:etc". This is just because it's hard to make proper > encrypted tokens in javascript, and because it's kind of nice to be able to > edit it in a demo environment ... however this is *not* at all meant for > anything like a real site / situation and is only there for demo reasons! So > all that plain text token stuff you see in javascript, please just forget > you saw that when your thinking about a real implementation :) > > -- Chris > > > On Tue, Nov 4, 2008 at 10:26 AM, nvgigigan <[EMAIL PROTECTED]> wrote: > >> >> I do implement the all shindig thing in our web site and did test with >> a non encoded secure token (everything was working pretty well) >> except that I cant found the right way to use an encoded secure token >> now. >> I'm using the javascript to create a valid container so I guess it's >> somewhere inside the javascript? >> >> I saw in partuza that you're using PHP to generate the container, and >> I understand the code, but I didn't understand in JS >> >> Thanks for your help >> >> > > > > -- .-. --- .--. ..- R o p u --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Implementing OpenSocial Containers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/opensocial-container?hl=en -~----------~----~----~----~------~----~------~--~---
