In cases where a tool is keeping an authentication database, and is not
acting on behalf of a user, then OpenID would let the tool eliminate its
username/password store.
This is exactly what I'm saying. It doesn't do this. If a tool has a
username/password store, i.e., it uses the username and password of each
user, enabling OpenID wouldn't solve the authentication problem. Like I
said, it only works in cases where the bot does all of its work under its
own account.
Sure, it would be great, but allowing authentication as a consumer is a
much more difficult step, and we're not ready to take it right now. OpenID
as a provider solves some long-standing problems and
is a step in the right
direction, let's focus on one thing at a time.
How exactly is it so difficult? You just set the configuration option for
the extension.
*--*
*Tyler Romeo*
Stevens Institute of Technology, Class of 2015
Major in Computer Science
www.whizkidztech.com | tylerromeo(a)gmail.com
On Fri, Feb 22, 2013 at 6:48 PM, Ryan Lane <rlane32(a)gmail.com> wrote:
> On Fri, Feb 22, 2013 at 3:19 PM, Tyler Romeo <tylerromeo(a)gmail.com> wrote:
>
> > To be absolutely clear, this does *not* solve the problem of bots/tools
> > authenticating on behalf of a user. All it does is solve the problem of
> > where a bot/tool authenticates under its own user account and, out of
> pure
> > courtesy for the community, asks users to prove their identity before
> > allowing them to use the bot/tool. For bots/tools that actually perform
> > edits as the user, OpenID would be useless.
> >
> >
> You're confusing use cases. What you're talking is the use case for OAuth.
> This thread isn't about OAuth. I believe we have plans to add OAuth next
> quarter, but if you wish to continue discussing it, please make a new
> thread.
In cases where a tool is keeping an authentication database, and is not
acting on behalf of a user, then OpenID would let the tool eliminate its
username/password store.
>
>
> > Also, I think Wikipedia acting as an OpenID consumer would be bounds more
> > useful than acting as a provider. That's not to say that having both
> > wouldn't be a good idea, but the consumer side of it should definitely
> be a
> > priority. Think of sites now like StackOverflow, where creating an
> account
> > is as simple as pressing a few Accept buttons.
> >
> >
> Sure, it would be great, but allowing authentication as a consumer is a
> much more difficult step, and we're not ready to take it right now. OpenID
as a provider solves some long-standing problems and
is a step in the right
direction, let's focus on one thing at a time.
>
> - Ryan
> _______________________________________________
> Wikitech-l mailing list
> Wikitech-l(a)lists.wikimedia.org
>
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
>