Hi,
On 08/10/2015 06:23 PM, Gergo Tisza wrote:
tl;dr should OAuth [1] (the system by which external
tools can register to
be "Wikimedia applications" and users can grant them the right to act in
their name) rely on community-maintained description pages or profile forms
filled by application authors?
Wiki pages please :)
---------------
Some of the benefits and drawbacks of using wiki pages:
* they require very little development;
* it's a workflow we have a lot of experience with, and have high-quality
tools to support it (templates, editing tools, automated updates etc.);
* the information schema can be extended without the need to update
software / change DB schemas;
* easier to open up editing to anyone since there are mature change
tracking / anti-abuse tools in MediaWiki (but even so, open editing would
be somewhat scary - some fields might have legal strings attached or become
attack vectors);
I assume these wiki pages would be some kind of structured
ContentHandler pages? We could restrict editing those fields to the
application owners then?
* limited access control (MediaWiki namespace pages
could be used, as they
are e.g. for gadgets, to limit editing of certain information to admins,
but something like "owner can edit own application + OAuth admins can edit
all aplications" is not possible);
If it goes in a separate namespace, you can
* hard to access from the software in a structured way
- one could rely on
naming conventions (e.g. the icon is always at File:OAuth-<application
name>-icon.png) or use Wikidata somehow, but both of those sound awkward;
If the data is stored in a structured format, it should be easy to access.
* design/usability/interface options are limited.
In what way? ContentHandler lets you override and customize pretty much
everything...
-- Legoktm