Malte Ubl has written a small abstraction library called xssinterface that enables cross domain callbacks. The site specifies which methods may be called as well as which domains are allowed to call the methods.
The library wraps the postMessage interface and our own cross domain workers. If those options aren't enough, there is a way to use a cookie trick to still get access.
There is a generic Gears worker that Malte uses to wrap his API. If you haven't played with workers yet, you may find it interesting to see a full example.
In it you will see usage of the database and even a timer:
var timer = google.gears.factory.create('beta.timer');
// get a new db handle on each iteration
var db = google.gears.factory.create('beta.database');
// find new messages for meps
var rs = db.execute('select id, message from XSSMessageQueue where recipient_domain = ? and channel_id = ?', [recipient, channelId]);
// there are new messages for the recipient
var id = rs.field(0);
var text = rs.field(1);
db.execute("DELETE from XSSMessageQueue where id = ?", [id]); // unqueue message
xssinterface is a fairly alarming name, so I asked Malte why he would put "XSS" in the name of his product. It turns out he is trying to be lighthearted. Each to their own!