On Sun, May 11, 2008 at 5:22 PM, Kevin Brown <[EMAIL PROTECTED]> wrote: > This code seems pretty useless to me. I think the ideal way to get the > viewer / owner / app id would be to do one of the following: > > - Pass them unencrypted into iframe params (encourages developers to rely on > them being there or to not use signed / oauth requests, which is bad) > - Retrieve them from the parent page using gadgets.rpc (my preferred > solution) > - Retrieve them from the social data service
I like the third option, since it can be efficiently implemented using either of the first two mechanisms. The social data API should be able to answer questions about owner and viewer id without requiring round trips to the server (or the container page, for that matter.) The comment in the code about special @viewer and @owner tokens in the RESTful spec seemed like a reasonable option as well.
