On Tue, Jan 19, 2016 at 4:22 PM, James Salsman <jsalsman(a)gmail.com> wrote:
Have you
looked at using OAuth for authentication?
Yes; the modules in use support OAuth but we made a conscious decision to
support anonymity. Lack of anonymity can interfere with the operation of the
reviewer reputation database.
I'd love to read the background discussion that led to that decision.
Could you identify which part of MediaWiki's OAuth implementation has
unacceptable problems regarding anonymity?
If you are setting high standards/promises in that regard, your
alternative implementation of user authentication will need to be
extremely carefully written (as will your entire codebase need very
good security auditing).
--
John Vandenberg