This RfC is due to be discussed briefly on April 9th; join us!
Topic on Talk:Requests for comment/AuthManager
Meeting log:
- 22:07:39 <sumanah> OK, let's move on to AuthStack
- 22:07:45 <sumanah> #topic Authstack
- 22:07:49 <sumanah> #link https://www.mediawiki.org/wiki/Requests_for_comment/AuthStack
- 22:07:55 <sumanah> #info Tyler updated this earlier this year. He responded to a request and "reduced the scope of the RFC by removing the Permissions infrastructure and the ClientSession class." So we could use a fresh opinion.
- 22:08:00 <sumanah> (parent5446 that is)
- 22:08:50 <brion> oh authn/z…. what a fun world :D
- 22:09:09 <sumanah> csteipp: you probably have opinions ^
- 22:09:17 <parent5446> Yeah, so the goal of this is to get rid of the ChainedAuth hook in LdapAuthentication
- 22:09:29 <parent5446> B/c it's basically a hack to allow more than one authnz method
- 22:09:55 <sumanah> (while I wait for other people to respond: I am writing to you from a hallway at PyCon, the Python convention. It is in Montreal, so I have unearthed the French I learned 15 years ago. Je voudrais acheter un bilet!)
- 22:10:06 <csteipp> I really do like the concept in general. The ldap especially makes a compelling use case.
- 22:10:30 <parent5446> It also tries to adopt the whole service-oriented architecture theme we have going
- 22:11:26 <brion> i’ll defer to those who have been poking at auth code more recently on this one, but it sounds good in theory
- 22:11:40 <brion> old AuthPlugin was a bit hacky and was done without benefit of experience in using said plugins :D
- 22:12:07 <brion> any implications for LDAP, CentralAuth, etc?
- 22:12:10 <parent5446> I do need feedback on one thing. Is it OK to use ExternalUser as a class name? Because it is the same class name as the recently removed ExternalUser experiment.
- 22:12:25 * brion whispers “namespaces!”
- 22:12:47 <parent5446> Lol, I can put this stuff in a namespace if we support putting core classes in namespaces
- 22:13:34 <brion> parent5446: worst case we can change the class name i guess :)
- 22:13:35 <csteipp> Was there an "ExternalUser experiment"? I missed that. The name sounds ok to me, but "ExternalAuthUser" would be fine too
- 22:13:49 <brion> actually i’d kinda prefer ExternalAuthUser, that’s more descriptive
- 22:13:55 <parent5446> Yeah, I think it was removed in a previous version. I don't think anybody ever used it
- 22:14:13 <sumanah> peut-etre Tim pense un quelque chose ici <----- (terrible high school French for "maybe TimStarling thinks something here")
- 22:14:22 <parent5446> I'd support ExternalAuthUser as well.
- 22:14:44 <sumanah> (since he was the one to comment in July)
- 22:14:51 <csteipp> Definitely look into the bug that we have open about initializing users using session setup... just to avoid the situation we're currently in
- 22:14:53 <brion> #info some agreement to changing ExternalUser to ExternalAuthUser for clarity and to avoid potential conflict
- 22:15:46 * sumanah waits another minute for Tim to speak up before we move on to Abstract table definitions (which should be quick)
- 22:16:03 <brion> :)
- 22:16:16 <sumanah> hmm, anything else to #info here?
- 22:16:50 <sumanah> #info a few people like the idea in general
- 22:16:51 <parent5446> Once I finish up the Password patch I'll start working on AuthStack code
- 22:16:52 <brion> #info people seem to like the general idea — likely to proceed?
- 22:16:54 <MaxSem> #info Everyone believes it's generally a good idea
- 22:16:58 <brion> :D
- 22:17:06 <sumanah> #info <parent5446> Once I finish up the Password patch I'll start working on AuthStack code
- 22:17:16 <sumanah> All right
- 22:18:14 <csteipp> parent5446: bug 41201
- 22:18:51 <parent5446> csteipp: Thanks. That's for the the ClientSession part
Summary:
- some agreement to changing ExternalUser to ExternalAuthUser for clarity and to avoid potential conflict (brion, 22:14:53)
- a few people like the idea in general (sumanah, 22:16:50)
- people seem to like the general idea — likely to proceed? (brion, 22:16:52)
- Everyone believes it's generally a good idea (MaxSem, 22:16:54)
- <parent5446> Once I finish up the Password patch I'll start working on AuthStack code (sumanah, 22:17:06)
Have you had time to work on this?
Just a little tiny bit. Unfortunately the password patch has not been merged yet, so that's my main focus. But I have some code stored in a branch on my computer with an outline for this.
Any update? :-)
Ping. :)
Sorry. No update yet. I'll work on it this week and see what I can do.
Great, thanks Tyler!