+1 and not only OAuth data, since some times you need to store data that you dont want your friends to see!
ropu On Tue, Nov 11, 2008 at 2:17 AM, Brian Eaton <[EMAIL PROTECTED]> wrote: > Hey folks - > > I'd like to make it easier for shindig deployments to use OAuth by > reusing the app data store for per-user and per-gadget persistent > storage. > > Proposal: > 1) Add three new methods to AppDataService, > getInternalPersonDataPrivate, updateInternalPersonData, and > deleteInternalPersonData. These would not be exposed to any servlets, > they would only be used by internal code. > > 2) Implement those methods in JsonDbOpenSocialService as filters on > top of filter names. Fields prefixed with __internal_ would only be > available via the *InternalPersonData methods, not via the other > PersonData methods. This will prevent javascript code from reading > OAuth data directly. > > 3) Create an implementation of OAuthStore built on top of > AppDataService. AppDataOAuthStore would > a) map the OAuth data on to the appdata schema. > b) handle encryption and decryption of keys to prevent them from > being accidentally disclosed. > > 4) Create a new shindig java subproject "integration" to house > AppDataOAuthStore and associate Guice modules. This is necessary to > avoid dependencies between social-api and gadgets. > > Comments? I'm working on a patch now. If this seems questionable to > anyone I'll stick the patch in Jira for review prior to submission. > If there are no objections I'll submit and then address any feedback. > > Cheers, > Brian > -- .-. --- .--. ..- R o p u
