On Tue, 13 Mar 2012 04:50:05 -0800, Petr Bena <benapetr(a)gmail.com> wrote:
Hi, it's been almost 4 years since we came with
the idea of
implementing an OAuth to mediawiki. I think it's time to start.
Question now is if it should be a part of core or extension for
mediawiki. I myself would rather make it as extension, since there is
probably no use for most of installations, except for large wikis.
Quote:
OAuth provides a standard protocol to negotiate secure access tokens
and to provide third-party tools (web or client) with granular access
to private resources. This protocol does not reveal usernames or
passwords to the third-party tool. Offering OAuth based authorization
on Mediawiki wiki's will increase the reusability of its data and spur
the creation of an ecosystem of app's around Mediawiki.
Is there anyone who is willing to help with this? If there is no one
interested in this, or no comments, I would start a new extension
called OAuth, which only purpose would be to enable this feature in
mediawiki.
- We should support more than 'just' OAuth. There are reasons one might
want OAuth 1, others might want OAuth 2, someone may come up with a better
OAuth 3, or we may come up with a custom auth setup such as Google's
application passwords for sites with no ssl.
- We need generic code for handling the grouping of permissions that are
handed out to applications.
- Generic code for revoking applications and specifying new applications.
- We need revisions, logs, etc... to all be able to be annotated with
information about what application made the change.
- We need tools that will allow administrators to block applications and
easily and quickly revert large batches of changes made by an application
that has gone rogue.
Hence OAuth should really be implemented as a combination of core code an
extension.
The code that annotates revisions, etc... should be implemented in core.
Along with permissions grouping. The UI for specifying, revoking,
blocking, etc... applications. Perhaps an abstract UI for the visuals of
what an "Allow" / "Deny" page will look like.
Core would then be given a pluggable interface for protocols that allow
for authorization of users.
An OAuth1 or OAuth2 extension would then be implemented that implements
OAuth using that pluggable interface so that OAuth becomes an option for
applications.
--
~Daniel Friesen (Dantman, Nadir-Seen-Fire) [
http://daniel.friesen.name]