- Widgets (aka gadgets or "social applications"). Produced by anyone, these can be embedded on any page that supports them.
- Containers. Places where widgets can be embedded.
Widgets use OpenSocial Javascript APIs to request information from the site on which the widget is embedded. This includes information about the current user, the user's friends and their activity.
Accessing information about the user from a third-party site can be authorised via OAuth.
Shindig provides open-source reference implementations of the OpenSocial Container API in Java or PHP, which allows sites to host embedded widgets. Shindig uses Caja to securely allow embedded third-party widgets to run Javascript.
Sites without their own social networks can use FriendConnect to host embedded widgets, essentially becoming an OpenSocial container without having to run Shindig or maintain social networks and user profiles locally.
FriendConnect can be used to request information about the current user, the user's friends and their activity from an external social network (rather than the site on which the widget is embedded).
At least that's how I understand it so far.