This may or may not be obvious, but I would like to make a request regarding the data that will get signed into _IG_Fretch_Content() requests originating from OpenSocial containers.
I think the primary thing that Service Provider apps will want to validate is the viewer/owner relationship. To that end, it would be really handy to make every _IG_Fretch_Content() request contain a signed: * gadget owner ID * gadget viewer ID * owner/viewer relationship (i.e. "friends" or "public") with respect to the container If this info can be made non-spoofable, Service Providers can reliably apply privacy settings, not to mention allow the gadget owner to set privacy settings from within the container. Thanks for your consideration, and all your hard work. - nate --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OpenSocial API Definition" group. To post to this group, send email to opensocial-api@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/opensocial-api?hl=en -~----------~----~----~----~------~----~------~--~---