Hi Alexei,

my idea was to generate an SDK that does the SOAP/REST API calls for the user.
Your task has several security issues that we will not be able to push
to a public version:
The URL you are talking about would contain the SOAP/REST or even admin user.
So by simply looking at the URL the user would have all access rights
to the OpenMeetings server.

It is essential that the entity that does the SOAP/REST API call is
NOT the end user that enters the conference room.
That is why all those SOAP API calls are implemented in PHP and not in
JavaScript. You would never give any end user your SOAP/REST API
credentials.
The calls to integrate should always happen from server to server.

Sebastian

2012/9/6 Alexei Fedotov <[email protected]>:
> Hello folks,
>
> I think of Openmeetings marketing. I suggest the following feature which
> serves mostly for marketing purposes. For some special case I want to get
> rid of the hash. The secure hash makes things more secure, and more complex.
> We need some form of lightweight integration people can try themselves.
>
> The suggested interface is the following:
> <iframe src="
> http://demo.dataved.ru/openmeetings/?public=1&firstname=UrlEncodedFirstName&lastname=
>  UrlEncodedLastName&language=LanguageNumber"></iframe>
>
> It works best with 80 port tunnelling. The simpler the URL is, the more people
> will try it and put it into their web sites. We get more users, more testing
> and, maybe, more contributors.
>
> Here is some data I used to come to the feature:
> 1. Monitoring of google search results for "embed videoconference into your
> web site".
> 2. Jitsi plug-in where I invented special "SOAP proxy" for requesting the
> hash due to very special network configuration our client uses.
> 3. A request from a web portal to embed the web conference. They do not
> embed html5 banners because it is too complex, only swf or gif.
> 4. Discussions with Maxim.
> 5. Most of our clients use one room per server.
>
> DDOS/security problem workarounds:
> the feature is switched off by default, we enable it on demo servers with
> free registration
> the "public" server room has a limited number of users by default, so one
> can expect no more than
>
> Sebastian, folks,
> is it ok to have this feature in the main branch?
>
> --
> With best regards / с наилучшими пожеланиями,
> Alexei Fedotov / Алексей Федотов,
> http://dataved.ru/
> +7 916 562 8095
>
> BTW, at some point we may start using standard language codes instead of
> numbers.



-- 
Sebastian Wagner
https://twitter.com/#!/dead_lock
http://www.webbase-design.de
http://www.wagner-sebastian.com
[email protected]
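
The server-to-server flow described in the reply above, as an added example that is not part of the original thread and is not OpenMeetings code: the portal backend spends the API credentials and the browser receives only an opaque, single-use hash. The class, function names, the `secureHash` parameter, the credentials and the URL are all hypothetical and constructed for illustration.

```python
import secrets
import time
from urllib.parse import urlencode

# Constructed credentials: they live only on the portal backend, never in a URL.
API_USER, API_PASS = "soap-user", "constructed-secret"


class ConferenceServer:
    """Hypothetical in-memory stand-in for the conference server's API."""

    def __init__(self, ttl=60):
        self._hashes = {}   # hash -> (user attributes, expiry time)
        self._ttl = ttl     # seconds a hash stays redeemable

    def issue_room_hash(self, api_user, api_pass, first, last, room_id):
        # Server-to-server call: only the portal backend knows these credentials.
        if not (secrets.compare_digest(api_user, API_USER)
                and secrets.compare_digest(api_pass, API_PASS)):
            raise PermissionError("bad API credentials")
        h = secrets.token_urlsafe(32)   # unguessable, grants nothing beyond one entry
        attrs = {"first": first, "last": last, "room": room_id}
        self._hashes[h] = (attrs, time.monotonic() + self._ttl)
        return h

    def enter_room(self, h):
        # Called when the end user's browser loads the iframe URL.
        entry = self._hashes.pop(h, None)   # single use: a replayed URL fails
        if entry is None or time.monotonic() > entry[1]:
            return None
        return entry[0]


def build_embed_url(server, base_url, first, last, room_id):
    """Portal backend: use the credentials here, hand the browser only the hash."""
    h = server.issue_room_hash(API_USER, API_PASS, first, last, room_id)
    return base_url + "?" + urlencode({"secureHash": h})


if __name__ == "__main__":
    srv = ConferenceServer()
    print(build_embed_url(srv, "https://conference.example/room", "Ada", "Lovelace", 1))
```

The name and room are bound to the hash on the server side, so the end user cannot change them by editing the URL.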
