Over the weekend, my challenge was to learn about OpenSocial and create a Silverlight application that uses it.  I did that, with this simple application.  To take advantage of the OpenSocial implementation in Orkut sandbox, you have to create a Google Gadget with the OpenSocial feature, post the gadget on the Internet, and then add the URL of the gadget as an application.  As I looked into the Google gadget API to build this, I found something interesting, the Google Gadget framework exposes the function _IG_FetchContent() that can be used to asynchronously fetch the text at any URL.  This is called cross-domain data access and if enabled in the browser, it opens up a VERY BIG SECURITY HOLE.  One of the challenges in writing Silverlight applications that run in a secure browser sandbox is that they can't access data from a different domain.  For example, if your site is http://blogs.msdn.com, your Silverlight client-side JavaScript can't get data from Web 2.0 services like Twitter at the URL http://twitter.com/statuses/friends_timeline/Synergist.xml and render it out in Silverlight.  To do this in Silverlight today, you have to either do some server-side code to create a bridge or proxy web service that routes the service on the server.  It isn't hard, but it's another step that you have to take, and the server-side code for a PHP website would be different than the code for an ASP.Net website.  I am told that the next version of Silverlight, 1.1, will have a better way of doing that. 

Mash-up and Gadget Frameworks

Other options are to use mash-up and gadget frameworks like Microsoft's Popfly, Yahoo! Pipes, or Google Gadgets that implement this cross-domain data access for you.  Since OpenSocial applications in Orkut are based on Google Gadgets, it is possible for Silverlight OpenSocial applications in Orkut to take advantage of these Google Remote Content APIs to make cross-domain calls.  This can be used to call Web 2.0 services or to composite your Silverlight application from XAML residing on various domains.  Where you would use Silverlight's Downloader object for same-domain data and services, you would use the _IG_FetchContent() and _IG_FetchXmlContent() to access data from external domains.  Here's how I've used it to download XAML from cross domains and populate the Silverlight Scene graph:

var m_root = null;

function OnLoad(sender, context, source)
{
  m_root = source;
 
  _IG_FetchContent("http://hosting.gmodules.com/ig/gadgets/file/113009390747258006757/OpenSocial.xaml", GotXaml)
 
}

function GotXaml(xaml)
{
    var host = m_root.getHost();
    var canvas = host.content.CreateFromXaml(xaml);
   
    m_root.children.Clear();
   
    m_root.children.Add(canvas);
}

Now that's Synergy!

Thank you Google for making Silverlight better!