User:Jeblad/Qualified access

A qualified access to another system is done according to the usercredits inside the wiki. Such credits can be several features such as user rights, number of contributions, time since registering, time since last block or even user name. The extension identifies some such features.

Defaults can be changed in  to enable configuration of each value, and then further enabled or disabled as necessary. Note that enabling use of user name will make it possible for external parties to identify users.

Fundamental operation is to add a parser function in running text, or to add link to a toolbox through LocalSettings.php, or to add a javascript link somewhere on a referencing page, which creates a backlink to a special page. This takes one parameter describing the name which identifies the actual configuration set. A call to this special page will be Special:Qualifiedaccess/name. During processing of this special page the necessary signing and/or encrytion will happend.

Unless otherwise configured the special page will display all data to be sent to the external web site.

Installation
Note that installation of  is a prerequisite for the extension. wiki-install-folder/extensions/QualifiedAccess
 * 1) Create a new folder (directory) in the following location:
 * 1) Download the following files:
 * 2) * QualifiedAccess.php
 * 3) * QualifiedAccess.i18n.php
 * 4) Copy the files to the new QualifiedAccess folder
 * 5) Add the following code to your LocalSettings.php (at the bottom)

You should not enable reporting of username or realname unless necessary, and if so you should inform your users of the consequences. Note also that using sufficient many attibutes in parallell can compromise the users anonymity.

Usage
The extension will enable a tag function and according to the definitions it will prepare a POST request, using customised values, for a request towards the given external web site. Any feature not disabled in LocalSettings.php and identified in the local tag function wil be added to the request. If a public key is specified it will be used to sign the request, either after downloading from an external key server or by extracting the tag functions content.

Identifier for the given dataset
 * name

A comma-separated list of features to add to the request
 * feature

The name of the public key for the external website
 * key

An external keyserver to be used for look up of public keys
 * keyserver

The algorithm to use for the signing
 * hash

How to process, only to do a clearsign or a encrypt operation
 * mode

Signing
Signing is done through one of several subsystems, gpg is used as default.

Example
&lt;qaccess feature="rights" href="http://somewhere.on.net" key="webmaster@somewhere.on.net" keyserver="" /&gt;

&lt;qaccess feature="contribution" href="http://somewhere.on.net" key="webmaster@somewhere.on.net"&gt; -BEGIN PGP PUBLIC KEY BLOCK- Version: GnuPG v1.4.6 (GNU/Linux) mQGiBEMdoegRBACSr3vbqextfQ51sHPr3Qs8SANLBJJyoPwcxYSTcgava5xWHU70 Zm8yCfHW7T90noBtCVHBNG5Yk9VIEOa6Ab/4axsRH5kc9lGSi7o3dHadFB4SmsEO MVB0DB8REWnQ+9Mh6jdyV5Ef/w7YlO5cnf6MI5dLOKI53ojhro9jRFC6owCgyTzI d6dvWrlutGwtgctQ8zj3EK0D/jezwAhV+neCTxBQYbu5rZthqa9pxHO3wasn+JWT 49qlb5GeCHN0jaBDMuMfVv7iXrLy8oYfq6A/cTnp+tSY4kPG63JvM5UtKzdlGngJ 1Tml/zSkLMumz5W02+jNPBCbNZla1pAJS6miyNZi1KjId3BvRuHOX8x1YKdeHCQA OcFkA/9HmhOtgJuWDHHE2Y+sP2GZ1DNjnRtbm4MhrwFeiuKPQTGX8Ni9ET4/++Mm XbfjMVgLbQ6ulusH4W3qePru96ChOMb+NYnN358Kxwy0sw3ZGsPiQucOmA6QvhWV AHKuRgW6LE5FQsCtVSJidJTEuJ12Yfwsn7rjq655iJk657xJ47Q1V2VibWFzdGVy IChqZWIga29uc3VsZW50dGplbmVzdGVyKSA8d2VibWFzdGVyQGplYi5ubz6IWwQT EQIAGwUCQx2h6AYLCQgHAwIDFQIDAxYCAQIeAQIXgAAKCRCiJ2KkNOTcWF8bAJwL 86704BMmJjpKa7xZS6LBdDJ7oQCdFHsJQBzPGmSJEaKfm7q4nDRa9BG5BA0EQx2i qhAQAND/iI7KPimjuPFIkiYFwuayf67daofmZGfzbZayRkPCJf5H+F7Pv7f4Xpsz /xKDqUTQdXag9+LFKc/MAACHiyIaqdI8BPuhgQ+2uMIFVSU0QwmZHBcofPxv95Wn TQt1n1UpWs8sm5kQ0b0rzYEClp5IDZcpCRN8S+irAmXkM735/ZzO5AP5loF+kc9r r3fh5KM8R6hP7FGWQCrNr0cWpMDlUMM6eAiAmoZDf33OoaqL5FRi8YiCfNi9bAHz YtWH+jCA9aKimQS+vRg+TIQwLAbxPFh0tSaZ55CuJh07uV3GrUUJPsS+epLuR7y5 MrrtIb50wabyy6QUTquQqTqSahr3CK2m0PHb8mZxGHSpY2iu/jzfhja/dItvaki1 kn+AWahU8fEa+Xi9XwzyHB4sdF0K7RMlgXq0Bs76Lr6a804ZsDc/cHBauEnqjWho 8ER68GiFohLv50s2RP4IgAyhRnQ8LIOPVJHPq7Db2Q1WfiSk1zVgOXnhtt1VoUyj MRO1BG/bChanIF+mjuozA0LtAOLl1WHlKhmyaho79gBJ3E/vFGd4OWHAgt4zbVLf 8fxfRcaNv3P8y084HLwrF1R/dAgQKOXwT57iL3T9OX4mq4mleJ+TDLep47Ql2dky 6Pqk0T2u2+xGq9lqBlUXr+z9yRyTZsolcvG2zcK9TG3ggIxDAAMFEACXAui5hidN QPS2iFN3lQBVqgFRLsFs3s4EuDyIkhZ87dLNQ0IorrMP+rBtU0m1QQ9j22dGgvSu EabKg5sgo6iKBlfAiWB6Mx9VRBHVyH8vb2MEEFmhVuNgW6VAc1lh6pL3AOP3UTFP 9BeKemriW7Gc27MT/LoknGdIpSX6EePHOQsxcXoHx97ogvjX2ZqH08BzoP2hJJEE 4TOOOEKeaHU3IvrkqalmCOx5npVZF8EVxbrLgLA5vhZzAZtVCdzBy+DJ27wVGQoH AGHaDhAb0VW6B6XlbK2TKgKr3TyMhZ0WlS48QNhyqDfiz7tu1FdjeCQ6jrmLU7fM y1K6rmTKMh1eh90t+GeIr32H8ySe0BUV25e116aJNk78wkHh1EvTqBbxNGGsro9B kMMBlFq0llOHhVpKyvrlHIlIpF6Vd4YMhtP/MpOCZkQAaxjFJNuXA+2+YezkoK2Y 7zStR6Gr1S8mKBPiI5BBUh13HrFFF6OWj8UUWA21OLaP/DHIZRPaXPliOBmehdaW an4osRrdY+Imc/XVzJyhAD5DwPoqO2JoSJymW0DHVjDyzdyeHIguEOn27+E6InmL jyTClfAoIwuTuzmF9onc1jsg1Y9Fk/OenfFH2xsNZ7QoiFftPLHq58fVlFDDMDum 5QwYv4oZQyXo45LX7L60i8GSDYP9xkpqXohGBBgRAgAGBQJDHaKqAAoJEKInYqQ0 5NxYqcQAnRbu2hRVLXLICt+F4So21hDhW0W1AJ9P0hlYFFY6MFaeuzC5VuLTsIrI 3Q== =mJeP -END PGP PUBLIC KEY BLOCK- &lt;/qaccess&gt;