Of course it's possible to start work on both, if there is enough developers who are willing to work on it. SAML is something else than OAuth, which solves the problem with "trustworth" of 3rd application (prevent account from being compromised by 3rd application which ask for user password), SAML does it too at some point, but it rather secure the exchange of credentials between two trustworthy systems. The problem we are facing now, is that mediawiki has no possibility of authenticating user other than asking for a password. And even if developers of application which uses mediawiki don't want their application to ask for a password, they have to and since making a web applications which do that, isn't allowed by wmf (such sites are likely to be blocked from accessing wikimedia servers) it totally block development of any web application which could work with sites hosted by wikimedia.
On Tue, Mar 13, 2012 at 4:10 PM, John Erling Blad jeblad@gmail.com wrote:
Exporting authentication from Mediawiki by OAuth is probably both acceptable and interesting, even if OAuth is said to give a rather weak security. It could be that people are a bit confused about OAuth vs OpenID.
In some of the projects where I've been involved the problem is not about exporting authentication, but more about how to log on to a Mediawiki-powered site from an other central site doing identity federation. The existing extensions don't handle this very well.
Could it be possible to start a work on both importing and exporting identity, authentication and authorization, perhaps focusing on both SAML and OAuth? For serious use it seems to me that SAML is more important than OAuth, while the later is more widespread in social networks.
John
On Tue, Mar 13, 2012 at 3:18 PM, Jeff Ferland jeff@storyinmemo.com wrote:
In.
-Jeff
On Mar 13, 2012, at 8:50 AM, Petr Bena wrote:
Hi, it's been almost 4 years since we came with the idea of implementing an OAuth to mediawiki. I think it's time to start. Question now is if it should be a part of core or extension for mediawiki. I myself would rather make it as extension, since there is probably no use for most of installations, except for large wikis.
Quote: OAuth provides a standard protocol to negotiate secure access tokens and to provide third-party tools (web or client) with granular access to private resources. This protocol does not reveal usernames or passwords to the third-party tool. Offering OAuth based authorization on Mediawiki wiki's will increase the reusability of its data and spur the creation of an ecosystem of app's around Mediawiki.
Is there anyone who is willing to help with this? If there is no one interested in this, or no comments, I would start a new extension called OAuth, which only purpose would be to enable this feature in mediawiki.
Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l