So, right now a question is if it's supposed to be implemented as extension or in core, or both (in case extension can't be created now, updated core do that it's possible).
I would rather make is as extension since there is a little benefit for most of mediawiki users in having this feature. I think it's better to keep only necessary stuff inside core and keep extra stuff as extensions.
Is there any objection against implementing it as extension? Thanks
On Wed, Mar 14, 2012 at 12:49 AM, John Erling Blad jeblad@gmail.com wrote:
Just as an idea, would it be possible for Wikimedia Foundation to establish some kind of joint project with the SimpleSAMLphp-folks? Those are basically Uninett, which is FEIDE, which is those that handle identity federation for lots of the Norwegian schools, colleges and universities.. The SimpleSAML solution is in use in several other projects/countries, not sure whats the current status. The platform for FEIDE is also in use in several other countries so if the log on problems in Norway are solved other countries will be able to use the same solution.
Note also that OAuth 2.0 seems to be supported. https://rnd.feide.no/2012/03/08/releasing-a-oauth-2-0-javascript-library/
In april this year there is a conference GoOpen 2012 (http://www.goopen.no/) in Oslo and some folks from Wikimedia Foundation is there, perhaps some folks from Uninett too? Could it be possible for interested people to sit down and discuss wetter a joint project is possible? Uninett is hiring for SimpleSAML development and that could be interesting too!
John
On Wed, Mar 14, 2012 at 12:13 AM, Thomas Gries mail@tgries.de wrote:
There's really two separate things that these systems can do.
The classic OAuth scenario is like this:
site A: Wikipedia user A site B: Huggle
Site B initiates a special login on site A using a shared secret; on success, site A passes back authentication tokens to site B which verify that user A allowed site B access.
Site B then uses those tokens when it accesses site A, in place of a username/password directly.
OpenID, SAML, etc seem to be more appropriate for this scenario:
site A: Wikipedia site B: University user B
These systems allow user B to verify their identity to site A; one possibility is to use this to associate a user A' with the remote user B, letting you use the remote ID verification in place of a local password authentication. (This is what our current OpenID extension does, basically.)
These are, IMO, totally separate use cases and I'm not sure they should be treated the same.
The Extension:OpenID can be used for both cases ( given, that you set $wgOpenIDClientOnly = false; ) https://www.mediawiki.org/wiki/Extension:OpenID .
"The extension makes a MediaWiki installation OpenID 2.0-aware and lets users log in using their OpenID identity - a special URL - instead of (or as an alternative to) standard username/password log in. In that way, the MediaWiki acts as Relying part (RP) = OpenID consumer.[1]
*As an option, it also allows the*_*MediaWiki to act as OpenID provider*, _so that users with an account on that wiki can use their userpage URL as OpenID with which they can log in to other OpenID-aware web sites."
set $wgOpenIDClientOnly = false; if you want this
Tom.
Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l