More below.. On Thu, Mar 12, 2009 at 11:12 PM, Hafiz A Haq <hafiza...@gmail.com> wrote:
> Thank you Louis for the response. Please read my responses inline. > > > 2009/3/12 Louis Ryan <lr...@google.com>: > > Notes below > > > > > Currently there is no public application directory for you to use so > until > > that happens you will need to build your own. By syndicate do you mean, > > allow gadgets hosted by your site to be embedded in other peoples web > > pages? > > By syndication i meant both ways, that is to retrieve a list of > opensocial compliant gadget xmls created by external developers and to > provide a list of gadget xmls hosted by my SNS. I am looking for a > webservice/webservices which provides the list of various opensocial > gadget available across a variety of opensocial sites(google, orkut, > hi5...) > To provide a list of gadgets hosted by my SNS, i assume i should > create a webservice for others to read all the gadget > definitions?(AFAIK shindig doesn't have a mechanism for that) Yes, Shindig doesn't provide directory features. Some containers may provide feeds of gadgets they support but I personally don't know of any. > > > You should be able to call RpcServlet using XHR to do this, alternatively > > you can do this server side either by calling RpcServlet or by running > your > > own internal equivalent embedded in Shindig. What do you see as the > > disadvantages of XHR beside the roundtrip costs? > > Apart from roundtrip communication time, i was wondering about the > security issues associated with sending user preferences with JSONP. Why JSONP? If the gadget iframe is rendered in your domain its just XHR. If the iframe if rendered in a 3rd parties domain how is the gadget content provided? JSONP is only useful when you don't control the domain on which the gadget is rendered which is pretty unusual for a container. If you want a 3rd party container page which has a gadget iframe rendered on your domain to pass information to your domain directly without using gadgets.rpc then JSONP is one way to do it but there is no request integrity or reliable origin verification. > > > Thanks and Regards, > Hafiz > -- > He who asks is a fool for five minutes, but he who does not ask > remains a fool forever. >
