On Wed, Jul 22, 2009 at 3:49 PM, Gregory Maxwell<gmaxw...@gmail.com> wrote: > On Wed, Jul 22, 2009 at 4:41 PM, Gerard > Meijssen<gerard.meijs...@gmail.com> wrote: >> Hoi, >> Would OpenID make a difference ? It seems to me that when you authenticate >> to both WMF projects and to this watchlistr, you would not expose passwords >> in the wrong place. It seems to be also a solution of allowing Commons to >> authenticate in this way. > > No, not really. > > In this case the site wants your credentials so that it can scrape > your watchlists. > > If it has your credentials it can impersonate you, which is bad. > > It addressed by making it possible for the site to generate access > cookies for particular resources which you could share. I.e. > "generate a code that gives someone read only access to my watchlist". >
What about OpenID + OAuth? Neither the OpenID plugin, or MediaWiki really support RBAC in a way that would make this work, but it is definitely possible. V/r, Ryan Lane _______________________________________________ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l