WMF Projects/New auth designs

From mediawiki.org

CentralAuth isn't a solution. It was an ad hoc extension to solve the immediate problem of shared logins among Wikimedia sites. It is tied too tightly to an arbitrary database schema and does not take advantage of other authentication and identity management solutions. Additionally, integrating with other resources (e.g., Bugzilla, OTRS, outside reference sites) becomes difficult, as we have to come up with a custom layer to handle this interaction.

For this purpose, we are proposing the following model:

  • Data store - will be LDAP-based. Scales to millions of users very easily.
  • Identity management - OpenAM. Free Java-based identity management software. Speaks both SAML 2.0 and OpenID/OAuth?
  • MediaWiki integration - simpleSAML. Free PHP framework for working with SAML-based auth systems.