Hey Ernest, The choice of what information is exposed, and what privacy restrictions are in place are completely up to the container, from completely open (always expose all information), which almost no one does btw; To an strictly controlled system where you have to authenticate through OAuth first, and the context of the OAuth authentication is used to check which information that particular instance has access too.
Some of the popular forms of exposing social data include: - Everything open to everyone, no oauth required, but as mentioned this isn't to common - Require 3 legged OAuth, the user is authenticated through the 'OAuth dance', and the associated session has the information of in which context / user id the request is; Which is then used to do your usual checks (only allow access to profile information if the users are friends for instance) - 2 legged OAuth, as above but then the context is the application id, and the check is made on "if the user your requesting information about has this application installed" - A combination of 2 and 3 legged OAuth (this is the ideal picture), with any restriction you want to do using either the application id or the user id to do your checks. The exact details of how you implement/configure this are best left for the shindig-dev mailing list (the main hangout of shindig developers and users), see http://incubator.apache.org/shindig/community/getting-help.html for information on how to subscribe and post to that mailing list. Hope that helps! -- Chris On Wed, Apr 1, 2009 at 4:43 AM, Ernest <[email protected]> wrote: > > The RPC or RESTful services are to provide other containers with > access to our social data. > If it is true, is there no concern about sharing customer information > through the OpenSocial API? I mean any legal or policy related issues. > > Now I'm developing an OpenSocial Container for a customer company. > Some days ago, they asked their container could access other > container's RESTful API if this container developed. Even it is true, > the customer worry about exposing their user data through OpenSocial > RESTful/RPC API. > Is there anyone experienced such kind of issues? > Then, may I get any practical suggestions or recommendations regarding > the RESTful / RPC services? > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Implementing OpenSocial Containers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/opensocial-container?hl=en -~----------~----~----~----~------~----~------~--~---
