Google OpenSocial: after the hype, the holes

Open standards always cause security problems and Google's OpenSocial API introduced last week is no exception. Not only was an early application based on the standard hacked within minutes, it quickly became evident that OpenSocial is vulnerable and offers an open door to anyone who wants to put a little effort into pushing it …

COMMENTS

This topic is closed for new posts.
  1. Rich

    SNA

    Funny, I seem to remember SNA was used a lot for about 5 or 10 years in the 1990s. Then OSI pulled ahead before stumbling - before TCP/IP became mature enough to actually become useful.

    In terms of the usefulness of OpenSocial, it's pointless having an API or protocol in this area that isn't backed up by a site with critical mass. However technically clever and secure it is. (and basically, security/functionality in this area comes close to being a zero sum game - if you provide the privacy functions a security git would want, the site isn't functional).

  2. John Latham

    Sweeping statement

    "Open standards always cause security problems"

    I stopped reading at this ridiculous assertion.

    John

  3. MattCasters

    Troll

    While I agree that "Open standards" are often meant as an oxymoron when used by the likes of Microsoft and other large corporations, to me "open" and "standard" are synonyms. If a standard is not open, it's not a standard at all.

    As such, claiming that all open standards are always causing security problems is fortunately nothing but a troll.

  4. Robert Grant

    Kneejerk

    Was it a kneejerk response? Sounds as though they'd been developing it for a while.

  5. Lexx Greatrex

    Open social versus closed journalism

    There is nothing sinister whatsoever about Open Social. It was developed collaboratively by a wide cross section of the industry. Its licensing is open, and it costs nothing to use or implement. This is no different to how any other open standard works. Often a large player like Google needs to put its weight behind standardisation or it simply never happens.

    The same happened with Microsoft, IBM and co with XML, the same is happening with Nokia, Sony Ericsson et al with compact memory card specs. The list goes on. It is heartening to see competitors in this industry putting aside their differences and working together to produce standards.

    This is nothing like how SNA was developed and licensed by IBM in the bad old days. So I must ask the author if he is criticising the standard because v1.0 is not perfect; or is he just hitching an easy ride on the Google bashing bandwagon?

    As the author may or may not be aware, even poorly conceived standards (HTML1.0 for example) can benefit the entire IT industry and ultimately the end user. To me as an Open Social developer, the 1.0 specification is not perfect but is a very good start.

  6. Ian

    You what?

    >Open standards always cause security problems...

    I'm sorry? Always? Every single open standard has caused a security problem?

  7. Steve McIntyre

    "Open standards always cause security problems"

    Do you have any evidence to back this bollocks statement?

  8. Phillip Rhodes

    OpenQabal

    Wow, didn't expect to see OpenQabal mentioned here, but that's cool. Everyone should understand however, that OQ is a project to build truly open social-networking using (mostly) existing standards; and is not a new standard itself. I believe most of what we need to do decentralized, federated social networking already exists, and the goal of OQ is to pull those pieces together into a comprehensive but cohesive platform.

    As for OpenSocial, I have expressed concern about the fact that the "standard" is not controlled by any sort of standards body such as ECMA or IETF or W3C; but I don't hold that up as a reason to avoid it totally. De facto standards have their place as well, and Google have apparently committed to releasing open-source reference implementations of the OS standard. In the near-term that's good enough for me, and there is a good chance that OpenQabal will actually implement OpenSocial eventually.

  9. Steven Walker

    Open standards always cause security problems

    That was a quick read, no need to go past the opening sentence.
