Hi Pierre,

 

Your questions are crucial for enterprises but not easy to answer.

 

You can split up the content for different departments by using namespaces and lockdown. We have done this many times for customers and it works very well. The problem is sometimes the user interface, because the employees normally aren’t familiar with the namespace concept, especially if they try to create a new page. We (in BlueSpice) give some support via the page template system. There you can say “I have a new page for Department A” and the template creates the new page in the new namespace. That’s possible way, but that all can be improved J

 

And there is sometimes trouble, because the uploaded media are all in the same namespace.

 

But mostly we find solutions, because images, office-documents are already in the file system or in a DMS or in SharePoint and we build a connector or offer the possibility to use file links. If your customers think twice, he often realizes, that he doesn’t want all documents with all duplicates in the wiki and in the search results. The reading rights for these documents are mostly managed by the Active Directory or LDAP server. So there is no security problem for documents at all.

But to have a “small DMS” in MediaWiki would be helpful or – better - plugins for nice open source systems like agorum. And what is about WebDAV?

 

For large companies, especially for transnational ones we recommend several wikis for different languages, departments or content types. I know Confluence and all the others promises all-in-one-solutions. That’s sounds great for the CIO but for the usability it isn’t. Several wikis are better for orientation (what is this wiki for …), for searching in (results only in your language…) and regarding access control issues. Four or five wikis should be centrally organized in a wiki farm.

 

And, maybe an interesting alternative, we have realized a wiki switch for a supermarket corporation. So you can switch between a “public” wiki for partners and an internal wiki for staff members.

 

Best regards,

Richard

 

 

 

Dr. Richard Heigl

Strategieberatung

 

Hallo Welt! - Medienwerkstatt GmbH

__________________________________

 

Residenzstraße 2

93047 Regensburg

 

Tel.  +49 (0) 941 - 66 0 80-193

Fax   +49 (0) 941 - 66 0 80-189

 

www.hallowelt.biz

heigl@hallowelt.biz

 

 

Sitz: Regensburg

Amtsgericht: Regensburg

Handelsregister: HRB 10467

E.USt.Nr.: DE 253050833

Geschäftsführer: Anja Ebersbach, Markus Glaser, Dr. Richard Heigl, Radovan Kubani

 

 

Von: mediawiki-enterprise-bounces@lists.wikimedia.org [mailto:mediawiki-enterprise-bounces@lists.wikimedia.org] Im Auftrag von Pierre Labrecque
Gesendet: Freitag, 23. August 2013 23:36
An: 'MediaWiki for enterprises'
Betreff: [Mediawiki-enterprise] How do you manage the security in your Mediawiki installation (Enterprise wiki) ?

 

Hello,

 

We continue to do our homeworks concerning a project we have to build a wiki for our enterprise: 80 000 employees, but only 1000 of them could have access to the wiki: usually in read, some people in read/write. We will need per namespace security: some namespaces should not be read by some groups… We don’t want to go with many tons of wikis installation…

 

I wrote a post on another mailing list about it a couple of days ago: http://www.gossamer-threads.com/lists/wiki/mediawiki/381274

I had some very good and helpful comments, but it’s after that I found another mailing list (this one), which seems dedicated to the enterprise usage of Mediaiwki.

 

Here are the requierement we have:

 

Main page

-        NamespaceA (read for departmentA only)

-        NamespaceB (read for departmentB only)

-        ….

-        NamespaceZ (read for departmentZ)

Sometimes, someone of departmentA will need read access to NamespaceZ, etc…

 

I would like to have some testimonials: your experiences, your recommendations… on a specific aspect of Mediawiki: ACL !!! (recurring topic, I believe…).

 

I read http://blog.blue-spice.org/2012/10/23/mediawiki-vs-confluence-not-a-question-of-features/ and found that they use Lockdown and some other extensions around it, to secure the wiki

As everyone, I read http://www.mediawiki.org/wiki/Security_issues_with_authorization_extensions and http://www.mediawiki.org/wiki/Category:Page_specific_user_rights_extensions

So, I wrote to BlueSpice team to know if they believe that Lockdown is really secure to write sensitive data in a Mediawiki wiki. Answer was honest: no (as expected).

 

I wrote also to the guy who founded Intelpedia (Josh Bancroft) and he confirms that Mediawiki is the wrong tool to manage that kind of ACL and that they use other tools for sensitive data, not their wiki… I didn’t insist to know which other tool… I was impressed that a guy at this level take the time to answer me, so… J

 

Anyway, could you tell me what is the kind of setup you have on this side (ACL) ? Certainly that some of you use in the facts an ACL extension (Lockdown or others) ? Do you trust them ? Do you have implement some other kind of security ? etc… Wikifarm ? etc…


Sincerely, I believe I have read enough on the web about the subject… now, I need some concrete experiences, from real persons, in real enterprises,…

 

Voilà.

 

Thanks !

 

Pierre