On 1/30/08, Brian Eaton <[EMAIL PROTECTED]> wrote:
>
> If the container and the gadget server are run by the same
> organization you can use the security token to initiate secure phone
> home. The flow would look like this:
>
> - gadget makes a request to the phone home endpoint on the gadget
> server (e.g. /jsonp?auth=signed) and includes the security token.
> - the gadget server validates the security token and pulls out the
> relevant information about the user and gadget.
> - the gadget server looks up the appropriate phone home key and signs
> the request.

I'm not convinced yet that this is enough. The secure phone home does need
to securely transfer the viewer_id, owner_id and application_id (or
gadget-xml-url is perhaps better), right ("securely" here means "not having
been tampered with")? However, how does the gadget server know whether the
gadget is allowed to view the viewer_id? I believe this is only possible if
either allowing permission to the viewer id would set some signed value
within the gadget, or the actual retrieval of the viewer sets some signed
data (where the latter method seems more appropriate); perhaps I'm missing
something here.
Reinoud
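The three-step flow Brian describes, as an added Python example that is not code from this thread or from any container or gadget server: the container MACs the viewer id, owner id and gadget URL into the security token, the gadget server validates that token, then looks up the phone-home key registered for the gadget and signs the outbound request. The token layout, claim names, key store and HMAC-SHA256 construction are all assumptions made for the example.

```python
import base64, binascii, hashlib, hmac, json, time
from urllib.parse import urlencode

# Constructed sample secrets. The token key is shared by the container and the
# gadget server (same organisation); each phone-home key is shared with the
# third-party server behind one gadget, keyed by gadget XML URL.
CONTAINER_TOKEN_KEY = b"constructed-container-token-secret"
PHONE_HOME_KEYS = {"http://example.com/gadget.xml": b"constructed-phone-home-secret"}

def make_security_token(viewer_id, owner_id, gadget_url, key=CONTAINER_TOKEN_KEY):
    """Container side: bind viewer, owner and gadget URL together under a MAC."""
    claims = {"v": viewer_id, "o": owner_id, "g": gadget_url, "t": int(time.time())}
    payload = json.dumps(claims, sort_keys=True).encode()
    mac = hmac.new(key, payload, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(payload).decode() + "." + base64.urlsafe_b64encode(mac).decode()

def validate_security_token(token, key=CONTAINER_TOKEN_KEY, max_age=3600):
    """Gadget server, step 2: reject anything not MACed by the container, else return the claims."""
    try:
        payload_b64, mac_b64 = token.split(".")
        payload = base64.urlsafe_b64decode(payload_b64)
        mac = base64.urlsafe_b64decode(mac_b64)
    except (ValueError, binascii.Error):
        return None
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(mac, expected):
        return None  # tampered claims or wrong key
    claims = json.loads(payload)
    if time.time() - claims["t"] > max_age:
        return None  # stale token
    return claims

def sign_phone_home_request(claims, params):
    """Gadget server, step 3: add the identity claims and sign with the gadget's phone-home key."""
    key = PHONE_HOME_KEYS.get(claims["g"])
    if key is None:
        return None  # no phone-home key registered for this gadget
    signed = dict(params, viewer_id=claims["v"], owner_id=claims["o"], gadget_url=claims["g"])
    base = urlencode(sorted(signed.items()))
    signed["sig"] = hmac.new(key, base.encode(), hashlib.sha256).hexdigest()
    return signed

def verify_phone_home_request(signed, key):
    """Third-party server: recompute the signature over every parameter except sig."""
    sig = signed.get("sig")
    if sig is None:
        return False
    base = urlencode(sorted((k, v) for k, v in signed.items() if k != "sig"))
    return hmac.compare_digest(sig, hmac.new(key, base.encode(), hashlib.sha256).hexdigest())
```

Because the identity fields are only ever copied out of a token the gadget server itself verified, the gadget cannot substitute a different viewer_id before the phone-home request is signed.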