https://bugzilla.wikimedia.org/show_bug.cgi?id=13631
--- Comment #17 from Tim Landscheidt <[email protected]> 2012-10-01 00:46:47 UTC --- (In reply to comment #16) > [...] > > > That still doesn't change my point. OAuth is the appropriate tool for > > > external > > > applications to verify a user's identity and then perform operations on > > > that > > > user's behalf. > > The point of TUSC isn't necessarily to perform operations on a user's > > behalf, > > but for example just to ensure their consent to aggregate personal data as > > required by https://wiki.toolserver.org/view/Rules#Privacy_Policy. That's a > > subset of what OAuth offers, but can very well be accomplished with OpenID. > But that's still something that should be done with OAuth. You may not be > doing > stuff on behalf of the user, but you are accessing the user's data, which is a > permission that can be granted using OAuth. OpenID is supposed to be used for > single sign-on. In a perfect world you are maybe right. But any solution will have to be implemented, thoroughly reviewed, deployed and maintained. AFAIK, acting as an OpenID provider will not open up any attack angles to WMF's infrastructure as it is passive. So, given past experiences, it could maybe be deployed by christmas. OAuth on the other hand seems to require schema changes, a rewrite of core code and a long term commitment because if for example Facebook acts as a launch customer and adds editing functionality to their site, they do certainly not want to rely on experimental features. I wouldn't want to speculate, but my guess is that OAuth is much harder to implement, much harder to review, much harder to deploy and much harder to maintain which results in general availability much later than OpenID's. So I'd rather have OpenID now (well, this year) than OAuth some time in the (farther) future. -- Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. You are on the CC list for the bug. _______________________________________________ Wikibugs-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
