shindig-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Kevin Brown" <e...@google.com>
Subject Re: bridge between the container and the gadget server
Date Mon, 04 Feb 2008 17:59:35 GMT
On Feb 4, 2008 9:46 AM, Brian Eaton <beaton@google.com> wrote:

> On Feb 4, 2008 4:01 AM, Reinoud Elhorst <claude@claude.nl> wrote:
> > How then would the secure phone home be implemented? To sign stuff like
> the
> > ownerid, the gadget server needs to have reliable information on the
> > ownerid. I believe it can only have that by either parsing the st, or
> asking
> > the container-backend for the viewer/owner/appid, passing on the st?
>
> I lean towards the latter.  Someone trying to glue together a
> container and the gadget server configures/writes code for the gadget
> server to talk to their app data server.  That includes operations
> like verifying the security token.


This puts too much burdeon on potential consumers of Shindig to have to
place app data server logic into the gadgets server. We've been
intentionally avoiding this from the beginning. The GadgetServer shouldn't
be required to know anything about the app data server. All communication
with the app data server can happen over the proxy (if on a different host
name), directly within the gadget via XHR if on the same host, or over IFPC
(in the container mediated model). The security token is an opaque string
that is simply passed on in this case. The only time the gadget server
actually does anything with the security token is when it is being used for
operations like locking down the open proxy.

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message