Hi there,
Drupal has a distributed authentication system (http://drupal.org/node/312) that allows any holder of an account from a participating site to log into another participating site using his original login (preventing namespace collision via user@sitename for the other sites).
Given the vast number of Wikipedia account holders, might not this system be useful to MediaWiki sites? Adding in some PKI to prevent "remote.spammers.biz" from entering the network (requiring participating sites to "register" with a "auth.mediawiki.org") and ideally making this protocol in concert with, and thus compatible with Drupal (why not after all; the creation of a standard cross-server authentication mechanism would be nice, no?), the smaller sites could benefit from the speed bump to vandals that registration implies without actually deterring potential contributors.
Any thoughts? -RS
That would be an idea, something for the developers to consider.
-- Ryan
On 4/11/05 8:32 PM, "Rahul Sinha" quidire@gmail.com wrote:
Hi there,
Drupal has a distributed authentication system (http://drupal.org/node/312) that allows any holder of an account from a participating site to log into another participating site using his original login (preventing namespace collision via user@sitename for the other sites).
Given the vast number of Wikipedia account holders, might not this system be useful to MediaWiki sites? Adding in some PKI to prevent "remote.spammers.biz" from entering the network (requiring participating sites to "register" with a "auth.mediawiki.org") and ideally making this protocol in concert with, and thus compatible with Drupal (why not after all; the creation of a standard cross-server authentication mechanism would be nice, no?), the smaller sites could benefit from the speed bump to vandals that registration implies without actually deterring potential contributors.
Any thoughts? -RS
Wikitech-l mailing list Wikitech-l@wikimedia.org http://mail.wikipedia.org/mailman/listinfo/wikitech-l
I have to admit, I very much hope this takes off; are "the developers" on this list or is there somewhere else I should go to advance this idea?
-RS
On 11 Apr 2005, at 11.36 PM, Ryan wrote:
That would be an idea, something for the developers to consider.
-- Ryan
On 4/11/05 8:32 PM, "Rahul Sinha" quidire@gmail.com wrote:
Hi there,
Drupal has a distributed authentication system (http://drupal.org/node/312) that allows any holder of an account from a participating site to log into another participating site using his original login (preventing namespace collision via user@sitename for the other sites).
Given the vast number of Wikipedia account holders, might not this system be useful to MediaWiki sites? Adding in some PKI to prevent "remote.spammers.biz" from entering the network (requiring participating sites to "register" with a "auth.mediawiki.org") and ideally making this protocol in concert with, and thus compatible with Drupal (why not after all; the creation of a standard cross-server authentication mechanism would be nice, no?), the smaller sites could benefit from the speed bump to vandals that registration implies without actually deterring potential contributors.
Any thoughts? -RS
Wikitech-l mailing list Wikitech-l@wikimedia.org http://mail.wikipedia.org/mailman/listinfo/wikitech-l
Wikitech-l mailing list Wikitech-l@wikimedia.org http://mail.wikipedia.org/mailman/listinfo/wikitech-l
This is more or less the right list; though it would also be appropriate to mediawiki-l , the list for all mediawiki developers.
You might also take a look at what the Identity Commons is doing. I don't understand all of the standards involved, but it involves a richer API than just distributed authentication... http://idcommons.net/technology.html
+sj+ _ _ :-------.-.--------.--.--------.-.--------.--.--------[...]
Drupal has a distributed authentication system (http://drupal.org/node/312)...
If we did do something like this, we would probably use a standard like LDAP or ACAP rather than a home-grown one.
Lee Daniel Crocker <lee <at> piclab.com> writes:
Drupal has a distributed authentication system (http://drupal.org/node/312)...
If we did do something like this, we would probably use a standard like LDAP or ACAP rather than a home-grown one.
I have implemented an LDAP authentication patch. It allows authentication from multiple domains, as well as the local mysql database (it even allows the user to choose which to authenticate against).
http://meta.wikimedia.org/wiki/LDAP_Authentication
At the current time it will authenticate, and store some user information in an LDAP database. I plan on making an LDAP schema for user attributes so that all user preferences and such can be stored in LDAP. With user preferences stored in LDAP, not only will users be able to authenticate from a central location to all supported wikis, but their preferences would also roam from wiki to wiki.
Currently unsupported is "mail me a new password", unless the wiki allows authentication through the local database, and even then the user would not be able to change his LDAP password (you have to remember your old password to change it). Hopefully, this feature will be added soon.
I do believe this would be a good option for a technical Single Sign On solution, but thats just my opinion.
Ryan Lane NAVOCEANO
Rahul Sinha schrieb:
Drupal has a distributed authentication system (http://drupal.org/node/312) that allows any holder of an account from a participating site to log into another participating site using his original login (preventing namespace collision via user@sitename for the other sites).
Is this, what is called on mediawiki "Single-user-login" see http://meta.wikipedia.org/wiki/SUL ? Tom
Looks like it.
-- Ryan
On 4/12/05 12:15 AM, "Thomas Gries" mail@tgries.de wrote:
Rahul Sinha schrieb:
Drupal has a distributed authentication system (http://drupal.org/node/312) that allows any holder of an account from a participating site to log into another participating site using his original login (preventing namespace collision via user@sitename for the other sites).
Is this, what is called on mediawiki "Single-user-login" see http://meta.wikipedia.org/wiki/SUL ? Tom
Wikitech-l mailing list Wikitech-l@wikimedia.org http://mail.wikipedia.org/mailman/listinfo/wikitech-l
Hello all
On 12 Apr 2005, at 3.15 AM, Thomas Gries wrote:
Is this, what is called on mediawiki "Single-user-login" see http://meta.wikipedia.org/wiki/SUL ? Tom
They do look similar; the document does not specify a means to achieve this, but rather a definition of the user-side requirements. So I don't know if this is some centrally managed authentication mechanism, which would be entirely appropriate for WikiMedia's projects and ... less so for the other uses of MediaWiki, or whether it does imply a similar system to Drupal's.
While I can see how there is a high convenience factor to just having the MediaWiki community "piggyback" off of WikiMedia's infrastructure, I would submit that making this framework on that can be used on other publishing systems (other wikis, CMSes, blogging systems, etc) would have several benefits: • to users who interact with many different publishing systems, one identity that is both secure and omnipresent is obviously beneficial • specifically to users who might only encounter each publishing system in one installation each, the resistance to registering to contribute is high; they are far more likely to participate in any of those sites, any of those systems, if the "speed bump" which is creating an account presents a more compelling value proposition • to site developers who need/want the features of two different publishing systems for different parts of the site, a user experience involving multiple accounts internal to their site would be quite unacceptable; a unified framework would be one large step towards allowing the site dev to provide a seamless user experience • this may be a little naive, but it would seem that this is only the first of many issues where some communication between the various publishing system development staffs would lead to benefits all around (for system devs reuse of code and "more eyeballs", for site devs more features and greater interoperability, and finally for end-users, again, a more seamless experience, and the ability to leverage their knowledge of how to interact with one publishing system meaningfully to get more out of the others they might work with.
Thanks -RS
wikitech-l@lists.wikimedia.org