On Feb 4, 2008 4:01 AM, Reinoud Elhorst <[EMAIL PROTECTED]> wrote: > How then would the secure phone home be implemented? To sign stuff like the > ownerid, the gadget server needs to have reliable information on the > ownerid. I believe it can only have that by either parsing the st, or asking > the container-backend for the viewer/owner/appid, passing on the st?
I lean towards the latter. Someone trying to glue together a container and the gadget server configures/writes code for the gadget server to talk to their app data server. That includes operations like verifying the security token. > (I understand that how the secure phone home is being done is an > implementation detail, still I'm wondering on what the idea is on how to do > that in Shindig) I think it should be implemented in a manner similar to the patch attached to this bug: https://issues.apache.org/jira/browse/SHINDIG-35 Cheers, Brian
