Hi everyone,
If you were following our planning process this past spring/summer, you probably heard that we had planned to deploy both OAuth and OpenID by the end of 2013.
The good news is that we were able to complete our OAuth deployment (see Dan Garry's blog post on the subject[1]). The bad news is that we weren't able to get OpenID complete enough for deployment, we've decided to put OpenID on hold to make room for some of our other work. Thomas Gries has done some great work on this, and has been very responsive to our input (we're a finicky bunch!) We fully anticipate being able to deploy this sometime in 2014, but we don't yet have an exact plan for making this happen.
We've communicated this through other channels, but hadn't broadcasted it here, so we're a bit overdue for an update.
The Auth Systems page now has the latest information on what we were able to do, and will have more on our future plans as we make them: < https://www.mediawiki.org/wiki/Auth_systems%3E
Rob
[1] "OAuth now available on Wikimedia wikis" Dan Garry: < https://blog.wikimedia.org/2013/11/22/oauth-on-wikimedia-wikis/%3E
Hoi,
According to the website of myopenid [1], they are closing down Februari 1. My hope was for the Wikimedia Foundation to come to the rescue and provide a non commercial alternative to what Google and Facebook offer.
I am extremely disappointed that we are not. I hope that what is done instead has at least a similar impact than leaving it all to the commercial boys and girls. Privacy should not be left to commerce and national secret services. Thanks, GerardM
On 27 November 2013 03:27, Rob Lanphier robla@wikimedia.org wrote:
Hi everyone,
If you were following our planning process this past spring/summer, you probably heard that we had planned to deploy both OAuth and OpenID by the end of 2013.
The good news is that we were able to complete our OAuth deployment (see Dan Garry's blog post on the subject[1]). The bad news is that we weren't able to get OpenID complete enough for deployment, we've decided to put OpenID on hold to make room for some of our other work. Thomas Gries has done some great work on this, and has been very responsive to our input (we're a finicky bunch!) We fully anticipate being able to deploy this sometime in 2014, but we don't yet have an exact plan for making this happen.
We've communicated this through other channels, but hadn't broadcasted it here, so we're a bit overdue for an update.
The Auth Systems page now has the latest information on what we were able to do, and will have more on our future plans as we make them: < https://www.mediawiki.org/wiki/Auth_systems%3E
Rob
[1] "OAuth now available on Wikimedia wikis" Dan Garry: < https://blog.wikimedia.org/2013/11/22/oauth-on-wikimedia-wikis/%3E _______________________________________________ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
On Wed, Nov 27, 2013 at 3:51 AM, Gerard Meijssen gerard.meijssen@gmail.comwrote:
According to the website of myopenid [1], they are closing down Februari 1. My hope was for the Wikimedia Foundation to come to the rescue and provide a non commercial alternative to what Google and Facebook offer.
I am extremely disappointed that we are not. I hope that what is done instead has at least a similar impact than leaving it all to the commercial boys and girls. Privacy should not be left to commerce and national secret services.
Our account security honestly makes us a poor choice for an auth provider and you should have never considered us for this anyway. We don't have password requirements, we don't offer two factor auth, we don't offer good ways to rescue a lost account, and we really don't want to be a target of attack for the purpose of owning other websites.
Also, if you're really concerned about privacy you should be putting your support behind Mozilla's BrowserID (Persona).
- Ryan
Also, we allow people to login via plain text and not SSL. Scary!!!!
On Wed, Nov 27, 2013 at 10:07 AM, Ryan Lane rlane32@gmail.com wrote:
On Wed, Nov 27, 2013 at 3:51 AM, Gerard Meijssen gerard.meijssen@gmail.comwrote:
According to the website of myopenid [1], they are closing down Februari 1. My hope was for the Wikimedia Foundation to come to the rescue and provide a non commercial alternative to what Google and Facebook offer.
I am extremely disappointed that we are not. I hope that what is done instead has at least a similar impact than leaving it all to the commercial boys and girls. Privacy should not be left to commerce and national secret services.
Our account security honestly makes us a poor choice for an auth provider and you should have never considered us for this anyway. We don't have password requirements, we don't offer two factor auth, we don't offer good ways to rescue a lost account, and we really don't want to be a target of attack for the purpose of owning other websites.
Also, if you're really concerned about privacy you should be putting your support behind Mozilla's BrowserID (Persona).
- Ryan
Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Shucks! I was all excited to be able to log in to high value targets, like online banking, using my Wikipedia credentials.
-bawolff
On 2013-11-27 2:12 PM, "Leslie Carr" lcarr@wikimedia.org wrote:
Also, we allow people to login via plain text and not SSL. Scary!!!!
On Wed, Nov 27, 2013 at 10:07 AM, Ryan Lane rlane32@gmail.com wrote:
On Wed, Nov 27, 2013 at 3:51 AM, Gerard Meijssen gerard.meijssen@gmail.comwrote:
According to the website of myopenid [1], they are closing down
Februari 1.
My hope was for the Wikimedia Foundation to come to the rescue and
provide
a non commercial alternative to what Google and Facebook offer.
I am extremely disappointed that we are not. I hope that what is done instead has at least a similar impact than leaving it all to the
commercial
boys and girls. Privacy should not be left to commerce and national
secret
services.
Our account security honestly makes us a poor choice for an auth
provider
and you should have never considered us for this anyway. We don't have password requirements, we don't offer two factor auth, we don't offer
good
ways to rescue a lost account, and we really don't want to be a target
of
attack for the purpose of owning other websites.
Also, if you're really concerned about privacy you should be putting
your
support behind Mozilla's BrowserID (Persona).
- Ryan
Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
-- Leslie Carr Wikimedia Foundation AS 14907, 43821 http://as14907.peeringdb.com/
Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Le 27/11/13 20:11, Brian Wolff a écrit :
Shucks! I was all excited to be able to log in to high value targets, like online banking, using my Wikipedia credentials.
Some banks are using Google analytics, so at least you can ask them/NSA for your credentials in case you loose them.
wikitech-l@lists.wikimedia.org