One of the more frustrating aspects of calendaring systems is that the freebusy lookups are all proprietary. Meeting invitations can be sent from one system to another (assuming you know a time to meet). However, it is not possible to lookup when someone from Lotuslive, someone from gmail and someone from Yahoo are all available [...]
The REST api for opensocial makes its appearance in opensocial 0.8. The specification references some other specifications that are also worth a look.
OAuth Consumer Request – This is proposed as the means for server to server authentication between the Consumer site and the Service provider. It has the potential to replace basic auth [...]
Facebook exists because a simple usable federated identity system doesn’t. Wired’s challenge to tear down the social networking silos seems easier to solve if we had such an identity system and I would think that the openid community would take up the reins and lead the charge.
I was therefore somewhat aghast when I saw the [...]
Update: March 5th 2007: Important change to the recommendation for Safe JSON detailed below. It is not as safe as people think, but it can still be made to be safe.
We have been investigating the security implications of having a JSON api in Connections. It turns out that it is very easy to leave pretty [...]
So for a while now, we have been trying to figure out a standard means to lookup someone’s freetime from their calendar (called freebusy in the calendaring world). We knew we wanted a REST service that could be passed url parameters, we even had a demo one up on the net.
The problem, though, had always [...]
So my previous post described some of the challenges involved in maintaining security in a site, such as a blogging site, that allows unrestricted / unfiltered user authored content and suggested "HttpOnly" cookies could mitigate some of the risk . "HttpOnly" cookies are, however, not a complete solution.
The remaining problem is described in one of [...]
I am currently working on a multi-user blogging application for corporate deployment. One of the more interesting challenges is how much flexibility we should allow blog posters with their content. Do we allow them to post javascript and if we do what do we do about XSS vulnerabilities.
Here’s the problem, a user can make a [...]