Tag Archives: api

Thoughts: Open Standards and Technology for Movie Rental Business

I have been thinking about open-standards for movie-rental business. I searched to find about such standards but I couldn’t locate. Do you know of any?

Basically, a set of specifications/protocols which can be implemented by different players in movie-rental chain. Players include studios, distributor, application-developers, portals, et. al.

Rough thoughts:

  • A studio/distributor implements this specification/protocol and exposes API  for metadata/streaming(or playback)/file-access from their own server
  • Third party developers use the API to to pull metadata and play the content
  • Third party developers can charge the user and split the revenue with content owner
  • Or, studios/distributors can enable payment-gatway APIs as part of their offering
  • Content is always played directly from studio/distributor’s server
  • Studio/distributor have total control over their assets and also charge based on subscription/per-access
This would solve many problems (billing, stats, etc.), however, there would be concerns:
  • someone (end-user, third-party developer) might try to cache/save streams as file and distribute
  • and other concerns?
Once we have specifications and protocols in place – a stack using open-source technologies can be built as template, and made available so that everyone in chain can use/customize it to build their part.
I wanted to talk about it on twitter but 140 chars were too short to express my thoughts. Anyway, it’s good to have a blog post in place.
Please share your views.

YouTube announces Upload API, Chromeless Player with JavaScript API and H.264 videos

YouTube has announced a lot of new features:-

This is really amazing, we can build kick-ass applications that would use YouTube’s platform for media upload, conversion (trans coding) and delivery, seamlessly.

I am yet to confirm, how easy it is to load and control YouTube’s player in our Flash/Flex apps? Controlling loaded SWFs is hard, unless it allows cross-site scripting through Security.allowDomain (“loaderdomain.com”). I hope, some day Flash Player would have more Security APIs, which would let us expose a set of interfaces to loaders (SWF loads another swf from different domain).

In any case, we can overlay iframe/div to show the video. That’s what I am doing for Yahoo! Live Mashup.

Update (March 12, 2008): YouTube’s chromeless player can be loaded in Flash/Flex applications and can be controlled. That’s what I heard Geoff Stearns, Flash Engineer in YouTube and SWFObject developer, saying in this video.

Technorati Tags: , , , , , , ,

Adobe Flash Player’s Security-Sandbox is very restrictive

Adobe Flash Player Security-Sandbox is very good and we have not heard any major security vulnerabilities so far. However, I think, it can be made more intelligent, I have some use-cases where I can’t do anything.

XMLSocket API is cool, since it’s inception, developers could create cool applications (multi-player games, chat-apps, presence-apps etc). XMLSocket servers (unity, swocket etc) is needed to comply with a specification in order to work with Flash Player (as a client). Since developers are using/creating custom-servers, they could control various things on server-side, f.ex: configuring right security-permissions, serving right policy-file (crossdomain.xml) etc.

With Binary Socket API, in Adobe Flash runtimes, things have changed a lot. Applications (for Adobe Flash runtimes) can now connect to servers using standard protocols (POP3, SMTP, Databases, HTTP etc). Totally cool feature which allows creation of kick-ass applications (Yahoo! Web Messenger, mySql driver etc). But Adobe Flash Player’s security-sandbox is limiting Binary Socket’s capabilities.

I have been working on a library (as3httpclient) to do more things (http-status-messages, http-authentication over GET request, support for more http-methods etc) which are not supported by URLLoader API. This library (as3httpclient) doesn’t work in deployed web-application because Adobe Flash Player’s Security-Sandbox restricts it to.

I have following questions/concerns:-

  • When URLLoader (or other such native APIs) can connect on any port, why can’t custom APIs (as3httpclient and others) connect?
  • Why can’t Flash Player be little more intelligent to check, if connection is made to a HTTP server? Rules could be:- If connection is requested to same domain and destination-port is assigned to HTTP server, let communication happen. If destination server:port is in different domain, check for valid crossdomain.xml and allow the connection?
  • Why doesn’t Flash Player consider to-ports attributes, if policy-file is served over HTTP?

With standards, we expect flexibility. We can’t expect a HTTP server to push policy-file to Flash clients? That’s not standard.

Technorati tags: , , , ,