-----Original Message-----
From: mediawiki-l-bounces(a)Wikimedia.org
[mailto:mediawiki-l-bounces@Wikimedia.org]On Behalf Of Matt England
Sent: Saturday, June 04, 2005 10:31 AM
To: MediaWiki announcements and site admin list
Cc: MediaWiki announcements and site admin list
Subject: Re: [Mediawiki-l] Forum software (e.g. phpBB or
similar)integration to replace talk pages
For what it's worth, I see 2 problems attempting to be solved when one
mentions MediaWiki "integration" with phpBB (or any other forum software):
1) Provide a common login and password for each use for each mechanism
(wiki and forum).
2) Make talk pages automatically reference forum thread-topics.
Muzaffer, you do not appear to be addressing goal #2. Are you attempting
goald #1, or something else? If #1, could you make MediaWiki and phpBB
both be clients to an LDAP database?
If something else...can you explain further what purpose you attempt to
solve and/or what you want the end result to be? I'm unclear on
this point.
He did say "As I said, my goal is not replacing talk pages but give my users
a separate forum." So #2, as you've mentioned it above, is the relevant
problem. AuthPlugin addresses most rudimentary aspects of this problem.
However, he's trying to solve a third integration problem. He not only
wants to share login *credentials* between applications, he also wants to
share login *state*. Most web packages including MW and forums store the
state on the client in the form of cookies, because HTTP is a stateless
protocol. Thus, if you want to share state, both applications must be able
to get and set each other's cookies. Since (for example) phpBB's cookie
contains attributes that are only interesting to phpBB, but your MW would
somehow need to obtain these uninteresting values and write them into a
phpBB cookie. To my knowledge, none of the applications involved have
encapsulated their security tokens or cookie strategy in a way that is open
to extension... therefore you must crack them open to modify them, and
accept the possibility of having to rewrite the modules every time they are
upgraded.
I decided early on that I wasn't interested in that kind of self-torture.
Since all forums have better user management capabilities than MW, the forum
is my user management system. MW merely uses AuthPlugin to interrogate the
forum whether a username/password is valid. We only have to observe one
convention, and that's to tell the users that their forum login is also
their MW login. To me, that's better than trying to rewrite major parts of
security subsystems. AuthPlugin isn't perfect or comprehensive in this
way, but it serves my basic purposes.
Speaking of that... anyone have any thoughts on my "Changing login prompt
message" problem? (lol). Ironically, this trivial issue is the final
insoluble problem in my security authentication. Can't use an external
authentication system if nobody understands that we're using an external
authentication system.
-Carlton