Finally, our reference implementation of MessageZoo.com will be released in the wild (pun intended). MessageZoo was designed as a simple video messaging system and has been an in-house project for a few weeks now. Since we got way too many requests to make this application available to external users, we will be launching it as a full-blown messaging portal tomorrow. Feel free to check it out: http://www.messagezoo.com/.

MessageZoo utilizes the version 1.0 of the OKStream widget factory in a mix of 70% widgets - 10% Core API - 20% Native code application. It was designed as a test-case implementation and helped us weed out some of the usability issues in the active widgets. There are a few tricks we applied to the callbacks to make it work in the iFrame model that I'll be describing in more details in the next few days.

There have been quite a few inquiries already about the security model of the widget factory and if there was a way to remove the need for a hash generation from the algorithm. After taking another look at the security model and sampling what else is out there for embeddable module security, I am still convinced that the SHA1 hash algorithm provides most benefits without putting too much integration burden on the developer:

1. This algorithm is already widely used by many service providers for one-way integration with their systems;
2. The security of the model is adequate. Breaking the hash is not impossible, but it's highly improbable. And even if the hash got broken, all you need to do is update your Preshared Key (PSK) to neutralize the effect;
3. The amount of effort required on the integrator's side is minimal. Since the developer already has access to all the parameters that comprise the source string of the hash, there is no extra work that is really needed;
4. SHA1 libraries are available off-the-shelf for most popular development platforms, including .NET, Java, PHP, PERL, Python, etc.;
5. Hey, we like our implementation, isn't this a good enough reason?

Feel free to comment on the implementation or suggest alternatives - we are always open to new ideas. In the meantime: happy coding!

Oh well, it was inevitable. While working on the video blog engine application modules we flirted a few times with the idea of developers' blogs. So here is our first stab at this. Bare with us while we are getting this up to speed. I guarantee you, presented with the choice of writing documentation or blogging about the office events, our developers' won't think twice.

 Welcome to the OKStream: Behind the Curtain