Hi Johannes,
I'm not part of the core development team (in fact, I've only submitted a couple relatively insignificant patches). However, this is an issue I've been tracking pretty closely. Nevertheless, don't take this as anything other than as the very possibly incorrect observations of a fringe participant.
The SSO activity has been somewhat dormant for a couple months now, but is probably can be resurrected if someone (you?) volunteers to shepherd the effort. My understanding is that Brion would like to implement an AuthPlugin for SSO. OpenID/LID/etc would be a probably be a phase two sorta thing; phase one is reserved for intra-Wikimedia SSO.
If someone (you?) were to say, implement a LID server and client for MediaWiki, that would give it a big head start over other potential solutions. It wouldn't be the simplest solution to intra-Wikimedia SSO, but it would work, assuming that the LID libraries are mature enough to deal with Wikimedia's demands. If such a solution were to get substantial testing outside of the Wikimedia realm of servers, that would be a big argument for the maturity of the solution.
I myself was working on this type of thing a lot more a couple of months ago, but put that work on hold to work on a MediaWiki election plugin I'm close to releasing. I'll eventually want to return to auth work, but don't see that happening in the next month or two.
Rob
On Wed, 2005-10-05 at 12:55 -0700, Johannes Ernst wrote:
I heard three different views on SSO wrt MediaWiki/WikiPedia so far:
- The different Wikipedia sites (e.g. en.wikipedia.org and
de.wikipedia.org) should require a user only to log on once. Once logged on the user should be known across those Wikipedia sites (and only those).
- A MediaWiki installation (e.g. in an enterprise) would like the
MediaWiki user management subsystem to participate in an SSO environment (e.g. an enterprise single-sign-on system). Auth_Plugin.php and various LDAP projects seem to have made some headway there.
- A Wikipedia user (and any MediaWiki user) should be able to "bring
their own" identity, which MediaWiki software should recognize. The advantage of this is that it includes the previous two items as special cases -- and because there's nothing special about Mediawiki with respect to logins: every website has that problem, and would like the problem to go away.
I'm interested in #3, specifically using URL-based personal digital identities (such as the URL of their blog). How would one practically go about doing this? [I'm new to how the wikipedia software projects typically work out]
Some background is here: http://cis-berkman.editme.com/ http://openid.net/ http://lid.netmesh.org/wiki/Main_Page
Thank you,
Johannes Ernst
Wikitech-l mailing list Wikitech-l@wikimedia.org http://mail.wikipedia.org/mailman/listinfo/wikitech-l