I propose to split the topic and discuss the creation of ACL for MW
I see three sub-tasks here:
0) Writing a good proposal of how ACL should work. Will it be based
namespaces? or maybe categories (although it's hard to imagine)? or
maybe per-page access? I can help to describe this vision document.
1) coordination with WMF and including ACL into Roadmap. First we
to be sure that the possible patches to the core:
- will not be rejected just because of philosofy of openness
- will not be removed after several versions
I've got no ideas how that can be done. Probably via RFC with
signatures of interested companies.
Actually, the first and the basic step is much simpler - MediaWiki
should perform userCanRead() checks everywhere it displays information
about any page.
It would be very good if such changes are accepted into the core - it
will work as a base for all possible ACL extensions.
I'm now trying to improve API protection in IntraACL (before today it
was provided only by "Title hack" which returned "Access denied"
of any real inaccessible Title object) - and it seems userCanRead() must
be added in almost every ApiQuery*.php file :-X (ApiPageSet isn't used