John Erling Blad pointed us to this thread. I was not subscribed to the list, so I'm sorry that this response probably creates a new thread.
We, UNINETT, operate Feide, the Norwegian Identity Federation for students from lower and higher education and research institutions in Norway. Feide would allow services, like Wikipedia, to verify end users (with some additional user data, like userid, email and name etc) using the SAML 2.0 protocol. The end users will then log in on their institution's login page using their institutional credentials; they will also have single sign-on to other sites.
We also maintain the software package SimpleSAMLphp, which implements the various roles in the SAML 2.0 protocol architecture, including support for acting as a Service Provider, which will be the relevant role for a service like Wikipedia. SimpleSAMLphp is implemented in PHP, and while we are not maintaining MediaWiki extensions to integrate with others, I believe others have made some efforts:
http://www.mediawiki.org/wiki/Extension:MultiAuthPlugin
http://www.mediawiki.org/wiki/Extension:SAMLAuth
SimpleSAMLphp is one of many open source products implementing SAML.
We have a good contact network of other educational Identity Federations across the world, and in particular Europe and the US. We have been part of two initiatives for allowing service providers to connect to a wide range of Identity Federations (at once), including GEANT eduGAIN and Kalmar2.
http://www.geant.net/service/edugain/pages/home.aspx
https://www.kalmar2.org
Identity Federations, like Feide, can provide:
* verified accounts, something that may help control trolling.
* user convenience of not having to register or maintain another set of credentials, + the convenience of SSO.
If you are interested in doing a pilot connecting Wikipedia to Feide, we may provide you with further details to proceed with that.
The user-centric Identity Federation paradigm, represented by protocols like OpenID (and others), will (usually) not provide you with verified accounts, but still gets you the user convenience of SSO and re-use of existing accounts.
OpenID has gone through a few versions, 1.0 and 2.0, and currently OpenID Connect is being sorted out. OpenID Connect differs significantly from earlier versions since it is built upon OAuth (a good thing). We're also a bit involved with the OpenID Connect standardization. As part of the GÉANT Identity Federation project in collaboration with Kantara Initiative, we will be responsible for implementing an automated interoperability test facility for OpenID Connect, like this: http://www.youtube.com/watch?v=3mGA79T0hPg
OAuth "alone" cannot provide authentication of users to Wikipedia from external sites. But it can be used to grant a user authorization to Wikipedia content through a back-channel REST API (without exposing credentials through this API). I believe that was the idea that this thread started with, which seems like a very good idea, but a very different idea than offering federated login. OAuth also exists in multiple versions, and I think it would be recommended to go for OAuth 2.0 for any new projects that have not supported earlier versions of OAuth.
Andreas Åkre Solberg
UNINETT AS - http://rnd.feide.no