Gerard Meijssen wrote:
Gordon Mohr wrote:
You could settle on one master namespace
(wikipedia.org?), then
gradually roll sites over to only accepting logins from that
namespace, giving people the option along the way of merging
their old separate identity histories into the new master
login(s). I suspect OpenID could help with the cross-domain
logins, even if a final single namespace is the only one
accepted for logins.
Given that you suggest "wikipedia.org", you do not appreciate that the
uploading of pictures into Commons is one of the more pressing issues.
There are MANY projects and wikipedia is only one.. :(
Picking any one namespace as the starting space does not rule out
any application on any Wikimedia project.
In any unification -- completely independent of technology used --
it would be natural to start with the one existing namespace.
Maybe the largest/most-active, or perhaps the namespace which
overlaps all others the most, or perhaps the namespace with the
most unique names. You'd then work outward resolving conflicts
with other namespaces one by one. And, despite starting with the
largest (or most-overlapping or most-unique), that namespace
wouldn't necessarily win most conflicts. (It might lose most,
because its size means a longer tail of seldom-used accounts.)
I'm guessing the Wikipedia projects are still largest (and also
have the most overlap with others and the most unique names), but
would be interested in pointers to any numbers which suggest
otherwise.
(If existing project names are loaded with politically undesirable
semantics, perhaps the best course would be to pick a relatively
cryptic, semantically-unloaded 'name' for the unified login --
"WMLX" or some such, which is vaguely but not really an
abbrieviation. Then start rolling other legacy namespaces into it. )
My point is the same: you can pick a single namespace, and wind up
with a single namespace at the end of the transition, completely
independent of the technology used.
Some people seem to be assuming that OpenID/YADIS *necessarily*
means allowing signins from multiple and/or foreign namespaces. By
my understanding, that's not the case.
I can't tell which of the three options listed at
http://meta.wikimedia.org/wiki/Single_login_poll had the most
developer support, but SUL-2 and SUL-3 both seem to suggest a
transition phase where global and local coexist for a while. That
would seem a natural application of the OpenID/YADIS approach,
with a single global namespace exporting itself to any number of
projects which accept global logins, but still have legacy local
logins as well.
I'd also
guess that after starting to unify, there could be a
backlash when people start losing their logins. Multiple
namespaces might then seem more appealing.
Is there a page or past thread capturing prior discussion and
decisions about the single-signon goal?
- Gordon
The discussion on single-signon is old. It has been discussed to death.
It has had special announced IRC chats dedicated to this subject and you
can find the relevant stuff on Meta. A decision has been taken to
implement this. Which is great given the problems that there is always
someone new, who thinks that OpenID for instance had not been looked into.
I thank Rob Lanphier for providing a link to the
Single_login_specifications page at Meta.
- Gordon