OpenSocial insecurity – no user to app authentication

I was pretty excited to hear about Google trying to set a standard for social network applications. I wasn’t so happy to notice a serious omission in the way security is handled.

Executive Summary: no user authentication! Any user can forge anybody else’s identity when interacting with any OpenSocial application. As it currently stands, it is not possible to write secure social applications on the platform.

OpenSocial vs. Facebook API – an analysis

Executive Summary

  • OpenSocial applications will have diverging look-and-feel, from each other and from the containers. This is because the containers do not provide common elements to blend the application into the container.
  • OpenSocial applications may not be vertically resizable, since they will exist in an iframe. However, Google has an API for resizing that some or all of the networks may implement.
  • Facebook has additional API functionality that is not present in OpenSocial.
  • The Facebook API is server oriented, whereas the OpenSocial/Google Gadgets API is client-side JavaScript oriented.