Hi,
On 08/10/2015 06:23 PM, Gergo Tisza wrote:
tl;dr should OAuth [1] (the system by which external tools can register to be "Wikimedia applications" and users can grant them the right to act in their name) rely on community-maintained description pages or profile forms filled by application authors?
Wiki pages please :)
Some of the benefits and drawbacks of using wiki pages:
- they require very little development;
- it's a workflow we have a lot of experience with, and have high-quality
tools to support it (templates, editing tools, automated updates etc.);
- the information schema can be extended without the need to update
software / change DB schemas;
- easier to open up editing to anyone since there are mature change
tracking / anti-abuse tools in MediaWiki (but even so, open editing would be somewhat scary - some fields might have legal strings attached or become attack vectors);
I assume these wiki pages would be some kind of structured ContentHandler pages? We could restrict editing those fields to the application owners then?
- limited access control (MediaWiki namespace pages could be used, as they
are e.g. for gadgets, to limit editing of certain information to admins, but something like "owner can edit own application + OAuth admins can edit all aplications" is not possible);
If it goes in a separate namespace, you can
- hard to access from the software in a structured way - one could rely on
naming conventions (e.g. the icon is always at File:OAuth-<application name>-icon.png) or use Wikidata somehow, but both of those sound awkward;
If the data is stored in a structured format, it should be easy to access.
- design/usability/interface options are limited.
In what way? ContentHandler lets you override and customize pretty much everything...
-- Legoktm