2007/3/9, Thomas Dalton thomas.dalton@gmail.com:
Identification implies authentication. Otherwise, how do you distinguish between the real PersonA and PersonA's malicious impersonator?
I think the idea is that the only people with access to his wiki are employees, and he trusts them not to impersonate each other.
One procedure that works well in our environment is this: we use an authentication plugin so that users that are already logged in to our Intranet portal can click on a link that logs them in on the wiki. They are added to the wiki user table on the fly if needed. They don't have to identify themselves again (single sign-on).
If they want to access a wiki page directly through a link, that also works because we used the "remember me" option in the login form that was called behind the scenes.
In the worst case scenario, if they explicitly log out of the wiki and then access a direct link to a page, they have to identify themselves, but just once, because their login will be remembered.
This could be improved by a plugin that used their Windows user as a source for single sign-on.
My conclusion is that it is possible to have good integration and ease of use without being insecure.