> > In cases where a tool is keeping an authentication database, and is not > acting on behalf of a user, then OpenID would let the tool eliminate its > username/password store.
This is exactly what I'm saying. It doesn't do this. If a tool has a username/password store, i.e., it uses the username and password of each user, enabling OpenID wouldn't solve the authentication problem. Like I said, it only works in cases where the bot does all of its work under its own account. Sure, it would be great, but allowing authentication as a consumer is a much more difficult step, and we're not ready to take it right now. OpenID > as a provider solves some long-standing problems and is a step in the right > direction, let's focus on one thing at a time. How exactly is it so difficult? You just set the configuration option for the extension. *--* *Tyler Romeo* Stevens Institute of Technology, Class of 2015 Major in Computer Science www.whizkidztech.com | [email protected] On Fri, Feb 22, 2013 at 6:48 PM, Ryan Lane <[email protected]> wrote: > On Fri, Feb 22, 2013 at 3:19 PM, Tyler Romeo <[email protected]> wrote: > > > To be absolutely clear, this does *not* solve the problem of bots/tools > > authenticating on behalf of a user. All it does is solve the problem of > > where a bot/tool authenticates under its own user account and, out of > pure > > courtesy for the community, asks users to prove their identity before > > allowing them to use the bot/tool. For bots/tools that actually perform > > edits as the user, OpenID would be useless. > > > > > You're confusing use cases. What you're talking is the use case for OAuth. > This thread isn't about OAuth. I believe we have plans to add OAuth next > quarter, but if you wish to continue discussing it, please make a new > thread. > > In cases where a tool is keeping an authentication database, and is not > acting on behalf of a user, then OpenID would let the tool eliminate its > username/password store. > > > > Also, I think Wikipedia acting as an OpenID consumer would be bounds more > > useful than acting as a provider. That's not to say that having both > > wouldn't be a good idea, but the consumer side of it should definitely > be a > > priority. Think of sites now like StackOverflow, where creating an > account > > is as simple as pressing a few Accept buttons. > > > > > Sure, it would be great, but allowing authentication as a consumer is a > much more difficult step, and we're not ready to take it right now. OpenID > as a provider solves some long-standing problems and is a step in the right > direction, let's focus on one thing at a time. > > - Ryan > _______________________________________________ > Wikitech-l mailing list > [email protected] > https://lists.wikimedia.org/mailman/listinfo/wikitech-l > _______________________________________________ Wikitech-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikitech-l
