https://bugzilla.wikimedia.org/show_bug.cgi?id=13631

--- Comment #18 from Tyler Romeo <[email protected]> 2012-10-01 00:56:36 UTC ---
(In reply to comment #17)
> In a perfect world you are maybe right.  But any solution will have to be
> implemented, thoroughly reviewed, deployed and maintained.  AFAIK, acting as an
> OpenID provider will not open up any attack angles to WMF's infrastructure as
> it is passive.  So, given past experiences, it could maybe be deployed by
> Christmas.
> 
> OAuth on the other hand seems to require schema changes, a rewrite of core code
> and a long term commitment because if for example Facebook acts as a launch
> customer and adds editing functionality to their site, they do certainly not
> want to rely on experimental features.  I wouldn't want to speculate, but my
> guess is that OAuth is much harder to implement, much harder to review, much
> harder to deploy and much harder to maintain which results in general
> availability much later than OpenID's.
> 
> So I'd rather have OpenID now (well, this year) than OAuth some time in the
> (farther) future.

OAuth should not require any core changes. From what I've put together, all it
would require is three additional tables to store authentication information.
From there, it would latch into the ApiCheckCanExecute hook
(https://gerrit.wikimedia.org/r/20905).

Furthermore, that still doesn't change the fact that OpenID is limited in its
capabilities since it's not actually meant for service authentication. So maybe
in the case above, where the only thing the toolserver app needs to do is
verify the user's identity, it would work, but for any app that actually needs
to do something on behalf of the user, OpenID is useless.
