Embeds United!
I'm somewhat alarmed that there really isn't a "Life of a Widget/Embed" that has best practices on how to embed Google Content on third party sites.
Has anyone tackled this before? Obviously +1, adsense, youtube, maps, analytics and others all use their own mechanisms.
Is it time to consider deploying common infrastructure for these use cases? Especially for systems that require the ability to identify a Google user?
So here's my proposal.
* Use oauth2 semantics everywhere: tokens and api requests.
* Use a single bootstrap system to identify js domain, collect API keys as needed.
* Generate two new types of OAuth tokens that do not contain user info.
- 'Anonymous-by-domain'
- 'Anonymous-by-domain-by-api-key'
* Allow an account widget that can move you from anonymous -> identified -> authorized. (including multilogin, signin and account registration)
If all the various embeds used this common system we'd have a way to enable personalization on third party sites more easily and provide a clear way to go beyond.
Am I barking up the wrong tree?
#googplus