openid on the wiki?

[Itamar Heim]

On 01/25/2012 06:03 AM, Karsten 'quaid' Wade wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 01/24/2012 03:40 PM, Ewoud Kohl van Wijngaarden wrote:
>> I have no experience with mediawiki + openid myself, but maybe
>> giving it a go and monitor it would be good enough for now.
>>
>> Possible downsides: - Spammers use openid to spam
>>
>> Possible upsides: - More open to new people - People can use a
>> single account for both gerrit and the wiki
>>
>> Since the wiki edits are also shown on IRC I think spam would be
>> caught fast enough and in the worst case the change could be
>> reverted.
>
> That's a good point, the wiki edits are watched that way more carefully.
>
> What would our reaction be if we started to see spam edits via OpenID
> accounts?
>
> * Can we easily disable those accounts?
> * Would we revert to not using OpenID?
> ** Sometimes spammers seem to be doing test-spam on a wiki, so a few
> scattered edits might be preparation for an onslaught.
>
> Also consider all this in terms of who is taking care of the wiki. We
> don't (yet?) have enough individuals or a team that seem to be taking
> on any wiki management tasks.
>
> So a spamming situation could rally such folks, but it could also kill
> the energy while in the crib by overwhelming it with spam pages from
> incrementally more spam accounts.
>
> I'm reacting a bit here to e.g. more wiki pages being incorrectly
> named than not, so a lot of wiki gardening required still. OTOH, I am
> very much in favor of lowering barriers as much as we can. I'd like to
> proceed with this discussion and just figure out a way to
> counterbalance the risks, etc.

can we separate the openid support for authentication (so people can 
user same user/password) from authorization (can an openid account do 
something)?

so we would still have the process of an existing user has to give edit 
permissions to an openid user?