< Auth systems
WMF Identity/Auth Sprint : 2013
- There are several specific issues with the existing, authentication methods used on the WMF sites. Additionally, several new features for authentication and authorization were requested over the last year. The Platform Engineering team has decided to address several of these issue and features in a set of sprints over the next few weeks.
Goals
- Rework CentralAuth's SUL system to better support mobile, as well as anticipate upcomming changes in other browser's 3rd-party cookie policies
- A basic OAuth implementation to improve the security of labs projects, and potentially bots, that do work on behalf of WMF users
- (Postponed until 2014) Support implementing an OpenID provider on the WMF cluster that will be used for labs instances of MediaWiki
CentralAuth
Deliverables
- (bug 46902) A central domain where all WMF users will login to their centralauth ("global") accounts
- Local wikis will auto-login users who have an established login with the central domain
Docs
- Design and Specifications: Auth systems/SUL2
Status
Complete - deployed in August 2013
OAuth
Deliverables
- An OAuth 1.0a compatible system to allow delegated access by users to the MediaWiki API
- Example client, with client library
Docs
- Design and Specifications: Auth systems/OAuth
- Potential Libraries: Auth systems/OAuth/Library
Status
Complete - deployed in November 2013
OpenID
Deliverables
- Code Review of OpenID Extension
- Support for ops during deployment
Status
Postponed until sometime in 2014
Task List
- Design of central domain
- User:CSteipp/SUL2
- Evaluate and choose OAuth library - Tim
- Setup Labs instances for testing OAuth client and server - Brad
- Write stories / acceptance tests for OAuth client
- Security / code review of Extension:OpenID - Chris
- Evaluate using EventLogging for logging user,application,action - Aaron
This article is issued from Mediawiki. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.