Just as an idea, would it be possible for Wikimedia Foundation to
establish some kind of joint project with the SimpleSAMLphp-folks?
Those are basically Uninett, which is FEIDE, which is those that
handle identity federation for lots of the Norwegian schools, colleges
and universities.. The SimpleSAML solution is in use in several other
projects/countries, not sure whats the current status. The platform
for FEIDE is also in use in several other countries so if the log on
problems in Norway are solved other countries will be able to use the
Note also that OAuth 2.0 seems to be supported.
In april this year there is a conference GoOpen 2012
) in Oslo and some folks from Wikimedia
Foundation is there, perhaps some folks from Uninett too? Could it be
possible for interested people to sit down and discuss wetter a joint
project is possible? Uninett is hiring for SimpleSAML development and
that could be interesting too!
On Wed, Mar 14, 2012 at 12:13 AM, Thomas Gries <mail(a)tgries.de> wrote:
There's really two separate things that these systems can do.
The classic OAuth scenario is like this:
site A: Wikipedia
site B: Huggle
Site B initiates a special login on site A using a shared secret; on
success, site A passes back authentication tokens to site B which verify
that user A allowed site B access.
Site B then uses those tokens when it accesses site A, in place of a
OpenID, SAML, etc seem to be more appropriate for this scenario:
site A: Wikipedia
site B: University
These systems allow user B to verify their identity to site A; one
possibility is to use this to associate a user A' with the remote user B,
letting you use the remote ID verification in place of a local password
authentication. (This is what our current OpenID extension does, basically.)
These are, IMO, totally separate use cases and I'm not sure they should be
treated the same.
The Extension:OpenID can be used for both cases ( given, that you set
$wgOpenIDClientOnly = false; )
"The extension makes a MediaWiki installation OpenID 2.0-aware and lets
users log in using their OpenID identity - a special URL - instead of
(or as an alternative to) standard username/password log in. In that
way, the MediaWiki acts as Relying part (RP) = OpenID consumer.
*As an option, it also allows the*_*MediaWiki to act as OpenID
provider*, _so that users with an account on that wiki can use their
userpage URL as OpenID with which they can log in to other OpenID-aware
$wgOpenIDClientOnly = false;
if you want this
Wikitech-l mailing list