On Thu, May 15, 2014 at 9:20 PM, Quim Gil qgil@wikimedia.org wrote:
There are good reasons to plan for Wikimedia SUL only (consistency with the rest of Wikimedia projects), and there are good reasons to plan for other providers as well (the easiest path for most first-time contributors).
If there's a problem with SUL/centralauth and you can't log in either to the wikis or to phabricator then how do we report/track that issue?
(I'm a bit less worried about the case where SSO/federated auth breaks but wiki login is still working.)
Also, have we considered two factor auth (2fa)? or are there some users (security bugs?) that should have different requirements than other users?
What do you think? Should we offer alternatives to Wikimedia login? If so, which ones?
I'm not sure about whether to open to any service under the sun. Would need to be sure that users are very clear about what happens if their choice of auth service is compromised or their account their is compromised or service decides to shut down.
-Jeremy