On Mon, Jun 9, 2008 at 1:27 AM, Rohit Ghatol <[EMAIL PROTECTED]> wrote:
> Hi, > I wanted to know whats the plan for oauth, any idea when we can see this > coming in Shindig. Also, where can I read more about social tokens? There are two sides of OAuth in Shindig: - OAuth consumers (makeRequest) -- this is already implemented. - OAuth service provider (for RESTful) -- Dave Primmer and others are actively working on this for Java; I'm not sure if Chris or anyone else is working on it for PHP. The security token is simply an efficient and secure way to pass credentials to a gadget; it's implemented in the SecurityToken class. It's a cookie equivalent, storing some encrypted key-value pairs for authentication. > > Regards, > Rohit > > On Fri, Jun 6, 2008 at 6:25 AM, David Primmer <[EMAIL PROTECTED]> > wrote: > > > Hi Chris, > > > > Do you mean how compliant with the spec the java social-api server is? > > That's a tough one to answer, since it turns out that the spec itself > > is not really very specific on a number of issues. See my recent posts > > to the spec list. We've found it pretty tricky getting the Atom format > > correct with all the 'hoisting' rules. There's a lot of little things > > to do. Json is much easier. The java server's json format is better > > than the atom format, it is pretty much read-only right now. Doesn't > > do oauth, but does check social tokens. It doesn't do any of the > > optional stuff in the spec and it uses large end-to-end tests instead > > of unit tests but those give it decent coverage. > > > > I think you'll find that you need to invent a lot of stuff to get a > > system that works like a real social network. Shindig, as you know, > > does not come with one. But maybe if you have a real container it's > > not that big of a deal. I've found it hard to code without a real > > fully modeled container. > > > > davep > > > > On Thu, Jun 5, 2008 at 1:35 AM, Chris Chabot <[EMAIL PROTECTED]> wrote: > > > Hey Guys, > > > > > > We had a bit of time pass since these emails, hows the weather on the > > > RESTful spec compliance side now? I kind of started laying the > groundwork > > > today now that i caught up with the email & patches backlog after the > > google > > > I/O and my fingers are itching to get started on this :) > > > > > > -- Chris > > > > > > On May 19, 2008, at 10:16 PM, Cassie wrote: > > > > > >> So the format right now... isn't right... so I wouldn't try to start > > >> coding it on the php side. I am going to try to write some detailed > > >> java tests in the next couple of days that will match the restful spec > > >> exactly (for gets, not posts nor deletes yet). As soon as all of those > > >> tests pass then the js will be good to go spec wise. > > >> > > >> I don't anticipate it taking too long to clean up the json format, but > > >> we are definitely not compliant yet so its good that you asked :) > > >> I'll ping when the js is good to go. > > >> > > >> - Cassie > > >> > > >> > > >> On Mon, May 19, 2008 at 7:52 PM, Chris Chabot <[EMAIL PROTECTED]> > > wrote: > > >>> > > >>> Well that goes without saying (or so i would have hoped), but you > have > > to > > >>> admit in general it is easier to develop when you know what your code > > is > > >>> linked against (javascript libs in this case), is supposed to be > > working > > >>> and > > >>> fully correct to spec :) > > >>> > > >>> I have no idea how far the assumptions in the js code are from the > > spec, > > >>> maybe not at all or not in a way that it would influence a > > >>> implementation, > > >>> thats why i was asking :) > > >>> > > >>> -- Chris > > >>> > > >>> On May 19, 2008, at 7:38 PM, Kevin Brown wrote: > > >>> > > >>>> > > >>>> I think a better goal would be "all versions exactly match the > spec". > > >>>> > > >>> > > >>> > > > > > > > > >
