On Mon, Mar 31, 2008 at 2:00 PM, John Panzer <[EMAIL PROTECTED]> wrote:
> A lot of the security for this devolves to container policies, which we're
> explicitly not specifying much of in OpenSocial. Perhaps the document could
> list some reasonable policies, and point out dangers (in a security section)
> to watch out for?

That would be great. We can work out security for the reasonable policies first, and worry about the unreasonable ones later. =)

> I think I was hoping that key management worked out for the gadget phone
> home scenarios would also help out in this situation. Perhaps just with a
> small reversal of polarity...

We don't really have that worked out. We have ideas, and some of them might be good, but for now it's a matter of containers announcing 'hey, here's where you can download my key'. That doesn't scale very far. Agreeing on a well-known location for downloading certificates from containers would be a good start on key distribution for phone home, but I'm not sure it's the answer for the RESTful APIs because there are more gadgets than containers.

A couple of open questions on this issue:

- how should a container discover the certificate for http://www.example.com/gadget.xml?
- should containers grant identical privileges to http://www.example.com/gadget.xml and http://www.example.com/other.xml?

