On 2/5/08, Brian Eaton <[EMAIL PROTECTED]> wrote: > > And sliding back to how this got started... how would you feel about > implementing the UserStore and GadgetStore interfaces[1] to talk to > your container's persistent storage? There are some gadget features, > like OAuth, that are tricky to implement without some kind of > persistent storage shared by the container and the gadget server. I'm > definitely interested in approaches that avoid the need for the shared > persistent storage, but I'd also like to keep things as simple as > possible. Are UserStore and GadgetServer simple enough?
I was still not convinced that this is needed. Then I looked through your patch, and dug a little deeper into the documentation. Now I'm just confused :) Only kust now I realised that 3 authentication-methods are available: NONE, SIGNED and AUTHENTICATED [1]. It seems that up until now, I only considered the first two. NONE is clear enough, SIGNED is the oAuth signing I had in mind all along (I believe it's described at [2], and it seems to do exactly what is described at [3]). So I'm wondering what the mystery AUTHENTICATED method should do (it looks like SHINDIG-35 implements it, still English might be easier to get the big picture), and what the goal of this method is (what extra authentication would it provide)? [1] http://code.google.com/apis/gadgets/docs/reference/gadgets.io.AuthorizationType.html [2] http://groups.google.com/group/opensocial/web/validating-signed-requests-from-orkut [3] http://code.google.com/apis/opensocial/docs/0.7/spec.html#remote
