By default, IBM® Connections uses the gadget administration store and limits the access of gadgets to the OpenSocial container based on feature access and remote procedure call (RPC) arbitration.
For security, gadgets are only granted access to a subset of the features that are available in the container. Feature access is dictated by trust settings that are specified in the gadget catalog.
The following table shows a list of features. Use this feature list to attach or specify additional features that should be whitelisted.
Table 1. Container features
|Mapping to Homepage user interface (UI)||Policy group name||Policy group features||Description|
|Restricted gadgets||GADGET_BASE||cloo||The base set of features that are available to all gadgets.|
Note: *** The osml and opensocial-template features are limited in the IBM Connections gadget container and do not support variable replacement.
|System administrators can enable these features via the administrative web UI or wsadmin settings to indicate a higher level of trust for gadgets. These features do not represent a major security exposure; however, they involve a larger degree of container interaction than is possible with the base functions.|
|Trusted gadgets within a single sign-on (SSO) domain||GADGET_SSO||sso-domain||System administrators can grant access to the sso-domains feature via the administrative web UI or wsadmin settings. This feature ensures that gadgets are rendered in an iframe that is hosted in the SSO domain.|
|Not applicable. These settings are only available via wsadmin.||GADGET_CUSTOM_1, ..., GADGET_CUSTOM_5||None||Customers can define up to five custom groups. Each group is applied to gadgets via wsadmin commands. |
Gadgets request access to particular features that dictate which RPC services they require to function. After access is granted, gadgets are restricted from publishing or subscribing to any RPC channels for which they have not been whitelisted.
RPC endpoints are included with the OpenSocial feature to make them available to gadgets. Gadgets are prevented from using any RPC endpoint that is not part of the set of features that have been both whitelisted and requested for them.
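
The arbitration rule described above can be modelled as a default-deny check. The following sketch is an added illustration, not IBM Connections code: the policy group names and the sso-domain feature come from Table 1, while the other feature names, the RPC service names, and the function names are constructed for the example.

```javascript
// Added illustration: minimal model of feature-based RPC arbitration.
// Policy group names are from Table 1; "example-*" features and
// "rpc.example.*" services are constructed placeholders.
const POLICY_GROUPS = {
  GADGET_BASE: ["example-base"],
  GADGET_SSO: ["sso-domain"],
  GADGET_CUSTOM_1: ["example-custom"],
};

// Hypothetical mapping of each feature to the RPC services it brings with it.
const FEATURE_RPC = {
  "example-base": ["rpc.example.base"],
  "sso-domain": ["rpc.example.sso"],
  "example-custom": ["rpc.example.custom"],
};

// Whitelisted features = base group (all gadgets) plus the groups the
// gadget catalog assigns to this gadget. Unknown groups grant nothing.
function whitelistedFeatures(catalogGroups) {
  const features = new Set();
  for (const group of ["GADGET_BASE", ...catalogGroups]) {
    for (const f of POLICY_GROUPS[group] || []) features.add(f);
  }
  return features;
}

// An RPC service is reachable only when its feature is BOTH requested by
// the gadget and whitelisted by the gadget's trust settings.
function allowedRpc(catalogGroups, requestedFeatures) {
  const whitelist = whitelistedFeatures(catalogGroups);
  const services = new Set();
  for (const f of requestedFeatures) {
    if (!whitelist.has(f)) continue; // requested but not whitelisted
    for (const svc of FEATURE_RPC[f] || []) services.add(svc);
  }
  return services;
}

// Default-deny decision for one publish or subscribe attempt.
function arbitrate(catalogGroups, requestedFeatures, service) {
  return allowedRpc(catalogGroups, requestedFeatures).has(service)
    ? "allow"
    : "deny";
}
```

A feature that is whitelisted but never requested yields no RPC access, and neither does one that is requested without being whitelisted, so both the gadget definition and the catalog trust settings have to be reviewed when auditing what a gadget can reach.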