Thread:Talk:Requests for comment/AuthStack/April 9th discussion/reply

Meeting log:


 * 22:07:39 OK, let's move on to AuthStack
 * 22:07:45 #topic Authstack
 * 22:07:49 #link https://www.mediawiki.org/wiki/Requests_for_comment/AuthStack
 * 22:07:55 #info Tyler updated this earlier this year. He responded to a request and "reduced the scope of the RFC by removing the Permissions infrastructure and the ClientSession class." So we could use a fresh opinion.
 * 22:08:00 (parent5446 that is)
 * 22:08:50 oh authn/z…. what a fun world :D
 * 22:09:09 csteipp: you probably have opinions ^
 * 22:09:17 Yeah, so the goal of this is to get rid of the ChainedAuth hook in LdapAuthentication
 * 22:09:29 B/c it's basically a hack to allow more than one authnz method
 * 22:09:55 (while I wait for other people to respond: I am writing to you from a hallway at PyCon, the Python convention. It is in Montreal, so I have unearthed the French I learned 15 years ago. Je voudrais acheter un bilet!)
 * 22:10:06 I really do like the concept in general. The ldap especially makes a compelling use case.
 * 22:10:30 It also tries to adopt the whole service-oriented architecture theme we have going
 * 22:11:26 i’ll defer to those who have been poking at auth code more recently on this one, but it sounds good in theory
 * 22:11:40 old AuthPlugin was a bit hacky and was done without benefit of experience in using said plugins :D
 * 22:12:07 any implications for LDAP, CentralAuth, etc?
 * 22:12:10 I do need feedback on one thing. Is it OK to use ExternalUser as a class name? Because it is the same class name as the recently removed ExternalUser experiment.
 * 22:12:25 * brion whispers “namespaces!”
 * 22:12:47 Lol, I can put this stuff in a namespace if we support putting core classes in namespaces
 * 22:13:34 parent5446: worst case we can change the class name i guess :)
 * 22:13:35 Was there an "ExternalUser experiment"? I missed that. The name sounds ok to me, but "ExternalAuthUser" would be fine too
 * 22:13:49 actually i’d kinda prefer ExternalAuthUser, that’s more descriptive
 * 22:13:55 Yeah, I think it was removed in a previous version. I don't think anybody ever used it
 * 22:14:13 peut-etre Tim pense un quelque chose ici <- (terrible high school French for "maybe TimStarling thinks something here")
 * 22:14:22 I'd support ExternalAuthUser as well.
 * 22:14:44 (since he was the one to comment in July)
 * 22:14:51 Definitely look into the bug that we have open about initializing users using session setup... just to avoid the situation we're currently in
 * 22:14:53 #info some agreement to changing ExternalUser to ExternalAuthUser for clarity and to avoid potential conflict
 * 22:15:46 * sumanah waits another minute for Tim to speak up before we move on to Abstract table definitions (which should be quick)
 * 22:16:03 :)
 * 22:16:16 hmm, anything else to #info here?
 * 22:16:50 #info a few people like the idea in general
 * 22:16:51 Once I finish up the Password patch I'll start working on AuthStack code
 * 22:16:52 #info people seem to like the general idea — likely to proceed?
 * 22:16:54  #info Everyone believes it's generally a good idea
 * 22:16:58 :D
 * 22:17:06 #info Once I finish up the Password patch I'll start working on AuthStack code
 * 22:17:16 All right
 * 22:18:14 parent5446: bug 41201
 * 22:18:51 csteipp: Thanks. That's for the the ClientSession part