On Mon, Apr 14, 2008 at 3:05 PM, Raymond Auge <[EMAIL PROTECTED]> wrote:
> Ok, wow... great response x3... next question. > > On Mon, 2008-04-14 at 14:47 -0700, Brian Eaton wrote: > > > You can't trust javascript to specify the app id, it has to come from > > the gadget server (and be signed with the gadget server's private key) > > in order to be trusted. > > In this statement... is "gadget server" really "gadget container" as I > would imagine that the gadget "server" might be some remote site > providing the "application's" blob... where the "gadget container" is > the one providing the runtime environment. I'd imagine that the > "container" is the one responsible for providing the signed token... not > the gadget "server"? The container (never "gadget container") would refer to the specific site that renders opensocial gadgets (MySpace, Orkut, hi5, etc.) The "gadget server" refers to the server that renders the gadget -- essentially the parts provided by org.apache.shindig.gadgets within the Shindig project. The thing that actually serves the gadget xml (and possibly handles proxied callbacks and such) is usually just referred to as the "gadget" (sometimes as the "service provider"). -- ~Kevin
