So, right now a question is if it's supposed to be implemented as
extension or in core, or both (in case extension can't be created now,
updated core do that it's possible).
I would rather make is as extension since there is a little benefit
for most of mediawiki users in having this feature. I think it's
better to keep only necessary stuff inside core and keep extra stuff
as extensions.
Is there any objection against implementing it as extension? Thanks
On Wed, Mar 14, 2012 at 12:49 AM, John Erling Blad <jeblad(a)gmail.com> wrote:
Just as an idea, would it be possible for Wikimedia
Foundation to
establish some kind of joint project with the SimpleSAMLphp-folks?
Those are basically Uninett, which is FEIDE, which is those that
handle identity federation for lots of the Norwegian schools, colleges
and universities.. The SimpleSAML solution is in use in several other
projects/countries, not sure whats the current status. The platform
for FEIDE is also in use in several other countries so if the log on
problems in Norway are solved other countries will be able to use the
same solution.
Note also that OAuth 2.0 seems to be supported.
https://rnd.feide.no/2012/03/08/releasing-a-oauth-2-0-javascript-library/
In april this year there is a conference GoOpen 2012
(
http://www.goopen.no/) in Oslo and some folks from Wikimedia
Foundation is there, perhaps some folks from Uninett too? Could it be
possible for interested people to sit down and discuss wetter a joint
project is possible? Uninett is hiring for SimpleSAML development and
that could be interesting too!
John
On Wed, Mar 14, 2012 at 12:13 AM, Thomas Gries <mail(a)tgries.de> wrote:
There's really two separate things that these systems can do.
The classic OAuth scenario is like this:
site A: Wikipedia
user A
site B: Huggle
Site B initiates a special login on site A using a shared secret; on
success, site A passes back authentication tokens to site B which verify
that user A allowed site B access.
Site B then uses those tokens when it accesses site A, in place of a
username/password directly.
OpenID, SAML, etc seem to be more appropriate for this scenario:
site A: Wikipedia
site B: University
user B
These systems allow user B to verify their identity to site A; one
possibility is to use this to associate a user A' with the remote user B,
letting you use the remote ID verification in place of a local password
authentication. (This is what our current OpenID extension does, basically.)
These are, IMO, totally separate use cases and I'm not sure they should be
treated the same.
The Extension:OpenID can be used for both cases ( given, that you set
$wgOpenIDClientOnly = false; )
https://www.mediawiki.org/wiki/Extension:OpenID .
"The extension makes a MediaWiki installation OpenID 2.0-aware and lets
users log in using their OpenID identity - a special URL - instead of
(or as an alternative to) standard username/password log in. In that
way, the MediaWiki acts as Relying part (RP) = OpenID consumer.[1]
*As an option, it also allows the*_*MediaWiki to act as OpenID
provider*, _so that users with an account on that wiki can use their
userpage URL as OpenID with which they can log in to other OpenID-aware
web sites."
set
$wgOpenIDClientOnly = false;
if you want this
Tom.
_______________________________________________
Wikitech-l mailing list
Wikitech-l(a)lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
_______________________________________________
Wikitech-l mailing list
Wikitech-l(a)lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l