Topic on Talk:Requests for comment/AuthManager

Meeting log:

22:07:39 <sumanah> OK, let's move on to AuthStack

22:07:45 <sumanah> #topic Authstack

22:07:49 <sumanah> #link https://www.mediawiki.org/wiki/Requests_for_comment/AuthStack

22:07:55 <sumanah> #info Tyler updated this earlier this year. He responded to a request and "reduced the scope of the RFC by removing the Permissions infrastructure and the ClientSession class." So we could use a fresh opinion.

22:08:00 <sumanah> (parent5446 that is)

22:08:50 <brion> oh authn/z…. what a fun world :D

22:09:09 <sumanah> csteipp: you probably have opinions ^

22:09:17 <parent5446> Yeah, so the goal of this is to get rid of the ChainedAuth hook in LdapAuthentication

22:09:29 <parent5446> B/c it's basically a hack to allow more than one authnz method

22:09:55 <sumanah> (while I wait for other people to respond: I am writing to you from a hallway at PyCon, the Python convention. It is in Montreal, so I have unearthed the French I learned 15 years ago. Je voudrais acheter un bilet!)

22:10:06 <csteipp> I really do like the concept in general. The ldap especially makes a compelling use case.

22:10:30 <parent5446> It also tries to adopt the whole service-oriented architecture theme we have going

22:11:26 <brion> i’ll defer to those who have been poking at auth code more recently on this one, but it sounds good in theory

22:11:40 <brion> old AuthPlugin was a bit hacky and was done without benefit of experience in using said plugins  :D

22:12:07 <brion> any implications for LDAP, CentralAuth, etc?

22:12:10 <parent5446> I do need feedback on one thing. Is it OK to use ExternalUser as a class name? Because it is the same class name as the recently removed ExternalUser experiment.

22:12:25 * brion whispers “namespaces!”

22:12:47 <parent5446> Lol, I can put this stuff in a namespace if we support putting core classes in namespaces

22:13:34 <brion> parent5446: worst case we can change the class name i guess :)

22:13:35 <csteipp> Was there an "ExternalUser experiment"? I missed that. The name sounds ok to me, but "ExternalAuthUser" would be fine too

22:13:49 <brion> actually i’d kinda prefer ExternalAuthUser, that’s more descriptive

22:13:55 <parent5446> Yeah, I think it was removed in a previous version. I don't think anybody ever used it

22:14:13 <sumanah> peut-etre Tim pense un quelque chose ici <----- (terrible high school French for "maybe TimStarling thinks something here")

22:14:22 <parent5446> I'd support ExternalAuthUser as well.

22:14:44 <sumanah> (since he was the one to comment in July)

22:14:51 <csteipp> Definitely look into the bug that we have open about initializing users using session setup... just to avoid the situation we're currently in

22:14:53 <brion> #info some agreement to changing ExternalUser to ExternalAuthUser for clarity and to avoid potential conflict

22:15:46 * sumanah waits another minute for Tim to speak up before we move on to Abstract table definitions (which should be quick)

22:16:03 <brion> :)

22:16:16 <sumanah> hmm, anything else to #info here?

22:16:50 <sumanah> #info a few people like the idea in general

22:16:51 <parent5446> Once I finish up the Password patch I'll start working on AuthStack code

22:16:52 <brion> #info people seem to like the general idea — likely to proceed?

22:16:54 <MaxSem> #info Everyone believes it's generally a good idea

22:16:58 <brion> :D

22:17:06 <sumanah> #info <parent5446> Once I finish up the Password patch I'll start working on AuthStack code

22:17:16 <sumanah> All right

22:18:14 <csteipp> parent5446: bug 41201

22:18:51 <parent5446> csteipp: Thanks. That's for the the ClientSession part

Summary:

• some agreement to changing ExternalUser to ExternalAuthUser for clarity and to avoid potential conflict (brion, 22:14:53)
• a few people like the idea in general (sumanah, 22:16:50)
• people seem to like the general idea — likely to proceed? (brion, 22:16:52)
• Everyone believes it's generally a good idea (MaxSem, 22:16:54)
• <parent5446> Once I finish up the Password patch I'll start working on AuthStack code (sumanah, 22:17:06)