Topic on Talk:Requests for comment/AuthManager

Relation with authentication service & security considerations

2
GWicke (talkcontribs)

There seems to be a good amount of overlap here with what's proposed in the SOA auth RFC. The difference seems to be that this proposal aims to build a new authentication layer inside of MediaWiki, while the SOA auth proposal aims to protect sensitive user data and provide authentication APIs that can be used by other services as well.

Could you say something about how you plan to address those issues?

BDavis (WMF) (talkcontribs)

We see the changes proposed in this RfC as a prerequisite for integrating any new external authentication service into MediaWiki in a meaningful way. The SOA auth system when built would be integrated with MediaWiki via a new AuthenticationProvider that communicated with the SOA auth system on those wikis that chose to deploy it.

Reply to "Relation with authentication service & security considerations"