Discussion:
[MediaWiki-Core] Possible OAuth focus
Bryan Davis
2015-02-03 22:05:26 UTC
Permalink
Chris has an epic in the mw-core backlog tracking OAuth fixes that we
could focus on instead of SOA Auth.

https://phabricator.wikimedia.org/T86869

There are a few things that are compelling about considering a shift
of focus to this for me:
* We already have a list of things to work on!
* Erik is *really* interested in improving OAuth
* We started this project and know that there are things we'd like to polish up
* This has a more visible impact than core code cleanup
* We can probably come up with metrics to go along with it

The down sides:
* Authn/z will need work eventually
* We need to keep working on SOA Auth RfC either way

Thoughts? I'd be happy to have a conference call with the current team
and anyone else who is interested to discuss this if it seems like
that would be more efficient.

Bryan
--
Bryan Davis Wikimedia Foundation <***@wikimedia.org>
[[m:User:BDavis_(WMF)]] Sr Software Engineer Boise, ID USA
irc: bd808 v:415.839.6885 x6855
Rob Lanphier
2015-02-03 23:53:12 UTC
Permalink
Hi Bryan

My main rationale for kicking the oAuth can down the road (i.e. pushing
back on Erik) in the past has been the lack of PM to keep this focused, the
lack of a clear UI strategy due in part to many people in our UX team being
so new and our strategy being all over the map, and also because the team
was clearly kinda done with this as a project for a while.

The situation is now different on all three fronts. With you taking the PM
role very seriously, I feel comfortable that you'd be able to do the
necessary user story work and pushing back on design astronautism (if that
even becomes a problem). Our UX team has matured quite a bit since the
last time we looked at this, and though OOjs UI is still new tech, I think
we would get a little better support from our UI tools to make a conforming
UI, and "conforming" is at least a little clearer than it was last year.
We've all had some time away from the work now, and the experience which
we've gained by having the current iteration out there a while can guide
our future work.

So, this may be a good project to elevate. Those of you who caught Frank's
talk at the last metrics meeting[1] will have a little better understanding
why oAuth matters; it's a tool that lets other organizations build tools
that interact in important ways with our site. The folks at wikiedu.org
are heavy oAuth users, which is why you'll see many requests coming from
Sage Ross @ wikiedu.org in particular.

None of this is to say that this is the most important thing on the
backlog, but merely to provoke fresh thinking on the topic.

Rob

[1]
https://meta.wikimedia.org/wiki/WMF_Metrics_and_activities_meetings/2015-01
Post by Bryan Davis
Chris has an epic in the mw-core backlog tracking OAuth fixes that we
could focus on instead of SOA Auth.
https://phabricator.wikimedia.org/T86869
There are a few things that are compelling about considering a shift
* We already have a list of things to work on!
* Erik is *really* interested in improving OAuth
* We started this project and know that there are things we'd like to polish up
* This has a more visible impact than core code cleanup
* We can probably come up with metrics to go along with it
* Authn/z will need work eventually
* We need to keep working on SOA Auth RfC either way
Thoughts? I'd be happy to have a conference call with the current team
and anyone else who is interested to discuss this if it seems like
that would be more efficient.
Bryan
--
[[m:User:BDavis_(WMF)]] Sr Software Engineer Boise, ID USA
irc: bd808 v:415.839.6885 x6855
_______________________________________________
MediaWiki-Core mailing list
https://lists.wikimedia.org/mailman/listinfo/mediawiki-core
Loading...