Sent from my mobile device, please forgive errors and brevity. On Nov 6, 2011 6:30 AM, "Scott Wilson" <[email protected]> wrote: > > On 5 Nov 2011, at 16:15, Ross Gardler wrote: > > > On 5 November 2011 14:56, Scott Wilson <[email protected]> wrote: > >> On 4 Nov 2011, at 17:02, Ross Gardler wrote: > >> > >>> [cross posted to wookie, rave in context and myExperiment, please keep > >>> your feedback on the appropriate list] > >>> > >>> If anyone has been hearing about/watching my work on MyExperiment W3C > >>> Widgets (and the associated Wookie templating system) and want to see > >>> them in action take a look at [1] > >>> > >>> I've also implemented a Wookie connector in Javascript (will put in > >>> Wookie ASAP). This allows an "application" to be built using widgets > >>> that can instantiate/discover widget instances and navigate to them as > >>> appropriate. You can see this by examining the myExperiment mobile > >>> application at [2] > >> > >> I'd been thinking about a pure client-side connector too, so you've save me some work there. > > > > OK, the code is at > > http://code.google.com/a/apache-extras.org/p/rave-in-context/source/browse/trunk/widgets/common/scripts/wookie_controller.js > > > > It's a bare minimum for what I need it to do right now. I have every > > intention of bringing it to Wookie so if you want to bring it here > > before I have time, feel free. It is Apache Licensed. > > Great, thanks. > > One of the problems with using a JS-based connector is that you have a much higher risk of exposing the API key. However, if we use two-legged oAuth to sign the message using a secret (which isn't transmitted with the message) the risk is reduced - though its still up to the connecting app to protect that secret. >
Right, the system I've built is for a very special, same origin, use case. > I've got this working in my dev environment using a jquery oauth plugin on the client side, and a modified security filter at the Wookie end. > Cool. Ross > Of course it doesn't change anything about same-origin restrictions; in this case I've mainly done it to enable Widgets hosted by Wookie to make secure calls to the admin APIs without using basic auth. > > > > >>> We're still adding functionality and working on the CSS to make best > >>> use of various sizes of screen. On a desktop size screen we intend to > >>> use Rave to provide multiple widgets on the page at once (at this > >>> point we really need Inter Widget Communication). > >> > >> I think if Sten, Erik or any of the other ROLE project guys (who are probably lurking on this list...) were to supply an OpenApp IWC <feature> patch for Wookie I think it would be very gratefully received :-) > >> > > > > That would be fantastic. having seen the ROLE stuff working > > cross-browser I am keen to get the code here. I know that it will > > result in plenty of benefits both ways. > > > > Ross >
