Hi Bryan
My main rationale for kicking the oAuth can down the road (i.e. pushing back on Erik) in the past has been the lack of PM to keep this focused, the lack of a clear UI strategy due in part to many people in our UX team being so new and our strategy being all over the map, and also because the team was clearly kinda done with this as a project for a while.
The situation is now different on all three fronts. With you taking the PM role very seriously, I feel comfortable that you'd be able to do the necessary user story work and pushing back on design astronautism (if that even becomes a problem). Our UX team has matured quite a bit since the last time we looked at this, and though OOjs UI is still new tech, I think we would get a little better support from our UI tools to make a conforming UI, and "conforming" is at least a little clearer than it was last year. We've all had some time away from the work now, and the experience which we've gained by having the current iteration out there a while can guide our future work.
So, this may be a good project to elevate. Those of you who caught Frank's talk at the last metrics meeting[1] will have a little better understanding why oAuth matters; it's a tool that lets other organizations build tools that interact in important ways with our site. The folks at wikiedu.org are heavy oAuth users, which is why you'll see many requests coming from Sage Ross @ wikiedu.org in particular.
None of this is to say that this is the most important thing on the backlog, but merely to provoke fresh thinking on the topic.
Rob
[1] https://meta.wikimedia.org/wiki/WMF_Metrics_and_activities_meetings/2015-01
On Tue, Feb 3, 2015 at 2:05 PM, Bryan Davis bd808@wikimedia.org wrote:
Chris has an epic in the mw-core backlog tracking OAuth fixes that we could focus on instead of SOA Auth.
https://phabricator.wikimedia.org/T86869
There are a few things that are compelling about considering a shift of focus to this for me:
- We already have a list of things to work on!
- Erik is *really* interested in improving OAuth
- We started this project and know that there are things we'd like to
polish up
- This has a more visible impact than core code cleanup
- We can probably come up with metrics to go along with it
The down sides:
- Authn/z will need work eventually
- We need to keep working on SOA Auth RfC either way
Thoughts? I'd be happy to have a conference call with the current team and anyone else who is interested to discuss this if it seems like that would be more efficient.
Bryan
Bryan Davis Wikimedia Foundation bd808@wikimedia.org [[m:User:BDavis_(WMF)]] Sr Software Engineer Boise, ID USA irc: bd808 v:415.839.6885 x6855
MediaWiki-Core mailing list MediaWiki-Core@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-core