-----Original Message----- From: mediawiki-l-bounces@Wikimedia.org [mailto:mediawiki-l-bounces@Wikimedia.org]On Behalf Of Matt England Sent: Saturday, June 04, 2005 10:31 AM To: MediaWiki announcements and site admin list Cc: MediaWiki announcements and site admin list Subject: Re: [Mediawiki-l] Forum software (e.g. phpBB or similar)integration to replace talk pages
For what it's worth, I see 2 problems attempting to be solved when one mentions MediaWiki "integration" with phpBB (or any other forum software):
- Provide a common login and password for each use for each mechanism
(wiki and forum).
- Make talk pages automatically reference forum thread-topics.
Muzaffer, you do not appear to be addressing goal #2. Are you attempting goald #1, or something else? If #1, could you make MediaWiki and phpBB both be clients to an LDAP database?
If something else...can you explain further what purpose you attempt to solve and/or what you want the end result to be? I'm unclear on this point.
He did say "As I said, my goal is not replacing talk pages but give my users a separate forum." So #2, as you've mentioned it above, is the relevant problem. AuthPlugin addresses most rudimentary aspects of this problem.
However, he's trying to solve a third integration problem. He not only wants to share login *credentials* between applications, he also wants to share login *state*. Most web packages including MW and forums store the state on the client in the form of cookies, because HTTP is a stateless protocol. Thus, if you want to share state, both applications must be able to get and set each other's cookies. Since (for example) phpBB's cookie contains attributes that are only interesting to phpBB, but your MW would somehow need to obtain these uninteresting values and write them into a phpBB cookie. To my knowledge, none of the applications involved have encapsulated their security tokens or cookie strategy in a way that is open to extension... therefore you must crack them open to modify them, and accept the possibility of having to rewrite the modules every time they are upgraded.
I decided early on that I wasn't interested in that kind of self-torture. Since all forums have better user management capabilities than MW, the forum is my user management system. MW merely uses AuthPlugin to interrogate the forum whether a username/password is valid. We only have to observe one convention, and that's to tell the users that their forum login is also their MW login. To me, that's better than trying to rewrite major parts of security subsystems. AuthPlugin isn't perfect or comprehensive in this way, but it serves my basic purposes.
Speaking of that... anyone have any thoughts on my "Changing login prompt message" problem? (lol). Ironically, this trivial issue is the final insoluble problem in my security authentication. Can't use an external authentication system if nobody understands that we're using an external authentication system.
-Carlton