Proposal:Extend Wikipedia to include external authentication
Every proposal should be tied to one of the strategic priorities below.
Edit this page to help identify the priorities related to this proposal!
- Achieve continued growth in readership
- Focus on quality content
- Increase Participation
- Stabilize and improve the infrastructure
- Encourage Innovation
|
Share this:
|
 |
It has been suggested that this page be merged with Proposal:Implement OAuth for MediaWiki (and employ in Wikimedia). (Discuss) |
Summary
Wikipedia's present reach is limited by its monolithic, all-inclusive and exclusionary design. For example: wikipedia as a "web service" can never reach offline users. In the context of authentication, the present design indicates an inherent lack of trust in the provably secure available authentication technologies available today, and thus keeps wikipedia tethered to the "real-time", "internet-only" web site paradigm. To move forward, wikipedia must embrace open authentication standards and authentication schemes that do not rely on users having "real-time" internet access, or any internet access at all.
Proposal
- Wikipedia to adopt an authentication API which has a pluggable architecture (one which can accept both "direct" authentication as well as "challenge-response" authentication). The Win32 "Security" API may provide valuable insights.
- Proposals such as those listed under http://strategy.wikimedia.org/wiki/Category:Proposals_for_new_authentication_features be accepted as plugins
- Authentication schemes hinted at or explicitly described in Proposal:Distributed_Wikipedia be either implemented or adapted, and accepted as plugins.
Motivation
If the "offline" strategic goals of wikipedia are to be met - at all - wikipedia must adopt alternative authentication schemes. period.
Key Questions
- How is anyone supposed to implement a peer-to-peer service that people can trust, when the present system will force the username and clear-text password to be sent across arbitrary peer-to-peer networks?
- Why, in the year 2009, are users of wikipedia being forced to type in a separate password and username, when schemes such as openid have been in existence for a considerable time, and when openid is being adopted wholesale by social networking sites, popular email systems and free software development sites?
Potential Costs
- small amount of design work by security specialist(s)
- small amount of developer time
- large amount of auditing by security specialist(s).
References
- Proposal:Distributed_Wikipedia
- http://strategy.wikimedia.org/wiki/Category:Proposals_for_new_authentication_features
Community Discussion
Do you have a thought about this proposal? A suggestion? Discuss this proposal by going to Proposal talk:Extend Wikipedia to include external authentication.
Want to work on this proposal?
- .. Sign your name here!