This has been mentioned before, but can't we resolve naming conflicts by putting the wiki name in front of the username. For instance, two different users have the name Monk, one on en: and one on fr:.
This wouldn't be overly complicated in an LDAP designed SSO world. Each different wiki could get their own ou:
o=wikimedia | ------------------------------------------- | | | | ou=fr ou=en ou=etc. ou=etc. | | cn=Monk cn=Monk
In all reality. In this case, you could have the same username on every single wiki, or even be able to create new users with the same name (when you create a new user on en, it gets put into en's ou). A design like this could complicate things a little though, because a user would have to remember where their user account was created, or they would have to type their username as en:Monk, or fr:Monk. It could be a good way to resolve conflicts.
A better design would be to use something just like above, but only allow the same username for currently conflicting names. New usernames that conflict will not be allowed, so users who do not have conflicting usernames would not have to use the en:User, fr:User type syntax.
This type of design would also limit the amount of security hazard you'd have if a single wiki was compromised (it only has permission to affect the users it created, not the users other wikis created).
Of course, I have no clue if you plan on going with an LDAP solution or not, but I'm guessing this kind of design would work in other systems as well.
V/r,
Ryan Lane
-----Original Message----- From: wikitech-l-bounces@wikimedia.org [SMTP:wikitech-l-bounces@wikimedia.org] On Behalf Of Tony Sidaway Sent: Friday, June 10, 2005 6:02 AM To: wikitech-l@wikimedia.org Subject: Re: Re[2]: [Wikitech-l] Re: Email authentication on Wikimedia wikis + Single user sign-on
Hello Magnus,
Monday, June 6, 2005, 10:49:28 AM, you wrote:
I think I suggested this some time ago, but here it goes again:
- Create "global" users for all unique user names in wiki(pedia)-land
- Merge all users which carry same name and password hash (and maybe
email), where all instances across wiki-land match perfectly
- Block creation of all conflicting user names, both locally and
globally * Work the conflicting ones out one-by-one manually, while keeping them active locally
This seems like the only fair way to me.
what should I do if someone has different usernames on different wikis? for example username "Monk" on en: is taken by someone (was inactive for a long time). I will be unable to create global user name "Monk" at all, if your proposal is implemented.
It seems not too fair way to me.
I think this is unresolvable unless we expire old accounts (which would work for you but perhaps not for others where there are two active users with the same name on different wikis). I happen to think it's bad practise to encourage editors to assume that accounts with the same name on different Wikis are held by the same person--there really is not way of being sure unless the editor puts a link to his other accounts on his userpage. This can be validated manually by the reader simply by looking at the history of the userpage to make sure the information was added by the account owner. I think that's good enough for Wiki. Another possibility which would require development work would be to permit editors to list their identities on alternate wikis in preferences. To set this up the editor should be required to validate by entering his password on the foreign wiki, which is then checked by some suitable method (xml-rpc? SOAP? or else screen scraping) on the foreign Wiki, which must be up and running at the time the validation is carried out. Personally I don't think the benefit of this development-heavy solution would justify the cost.
Wikitech-l mailing list Wikitech-l@wikimedia.org http://mail.wikipedia.org/mailman/listinfo/wikitech-l
wikitech-l@lists.wikimedia.org