On Fri, Aug 24, 2012 at 10:33 AM, Nabil Maynard <nadreck(a)gmail.com> wrote:
On Fri, Aug 24, 2012 at 10:16 AM, Tyler Romeo
<tylerromeo(a)gmail.com> wrote:
Not a good idea:
http://xkcd.com/927/
While OAuth has its problems, it's not a terrible protocol (or at least v1
isn't).
Seconded -- I'd rather see contributions to making OAuth less painful
rather than invent Yet Another Standard.
I have to agree too. OAuth has problems, but it would allow several of
wmf's current integrations to be more secure overall, and that would
be a win for us. If Daniel is able to create a protocol that is as
secure, and easier for developers to use securely, then I will
definitely push to switch over. But until then, I'm still going to try
and get OAuth out.
I'd also love to see MediaWiki support SAML too, for our .edu/.gov users.
My personal wishlist:
- Persona: Previously called BrowserID. It's come a LONG way in the past
few months, and provides another fairly clean identity/authentication
system.
Mozilla is also interested in this. I don't think we can use it on wmf
sites, but if you're interested in working on it, I can probably get
you in touch with someone there. I think it would be a great feature.