On 23 Feb 2009, at 15:31, Scott Wilson wrote:
Because many widgets are small local applications offered for remote
services that use different user accounts, oAuth is a very important
and relevant technology. Which is why, for example, it has been a
major task in the oAuth and OpenSocial/Gadgets community to
integrate the technology.
((Note also that last I heard oAuth was going to IETF for
standardisation))
See:
http://www.ietf.org/mail-archive/web/oauth/current/msg00085.html
https://datatracker.ietf.org/meeting/74/agenda.html
I guess my question is mostly what part of oauth would likely be in
scope for a widget spec. My sense is that the likeliest point of
interaction could be a hand-off mechanism between browser and widget
to enable a browser-based OAuth authorization decision outside the
widget itself. That sounds like it could be added later.
I also suspect that the specification that is going to be most
relevant for combining OAuth and Widgets is going to be XMLHttpRequest
level 2.
