On Fri, Aug 24, 2012 at 10:33 AM, Nabil Maynard nadreck@gmail.com wrote:
On Fri, Aug 24, 2012 at 10:16 AM, Tyler Romeo tylerromeo@gmail.com wrote:
Not a good idea: http://xkcd.com/927/ While OAuth has its problems, it's not a terrible protocol (or at least v1 isn't).
Seconded -- I'd rather see contributions to making OAuth less painful rather than invent Yet Another Standard.
I have to agree too. OAuth has problems, but it would allow several of wmf's current integrations to be more secure overall, and that would be a win for us. If Daniel is able to create a protocol that is as secure, and easier for developers to use securely, then I will definitely push to switch over. But until then, I'm still going to try and get OAuth out.
I'd also love to see MediaWiki support SAML too, for our .edu/.gov users.
My personal wishlist:
- Persona: Previously called BrowserID. It's come a LONG way in the past
few months, and provides another fairly clean identity/authentication system.
Mozilla is also interested in this. I don't think we can use it on wmf sites, but if you're interested in working on it, I can probably get you in touch with someone there. I think it would be a great feature.