From Wikimania

This page is part of the Proceedings of Wikimania 2006 (Index of presentations)

Differentiation of Authentication Regimes to Prevent Vandalism

Author Gerard Meijssen
Track Projects and Content
License GNU Free Documentation License (details)
About the author
Presenters/Gerard Meijssen/Biography
At present the Wikimedia Foundation security model has two layers;
  • Data layer
  • System layer

Where the first level can be characterized as soft security, more stringent needs exist for keeping the system from being attacked on a system level. The system level is as far as I can see well taken care of. It is because of the great care of the developers that we have been spared much embarrassment.

This presentation will focus on the authentication methods for the data layer.

When a system is assessed for the quality of its security, the first thing to be considered is what the requirements of the application are. For the Wikimedia Foundation it has been traditionally that everyone is allowed anonymous access and the right is given to create and edit content. When people abuse this trust, it is an army of volunteers who have fixed the resulting mess and, banning vandals from more edits.

When an analysis is made of the existing vandalism, there are several ways in which it is easy for vandals to offend again. What is worse, is that because of bans given to vandals, people who have nothing to do with vandalism find accusations of vandalism or are banned.

In the future there will be a need for different types of authentication. To mind comes when teacher student relations happen within material to do with Wikiversity.

What I want to propose is differentiating in the way authentication of our users happen depending on the origin of the user. There are large areas of the Internet where people have a stable IP address. In other places even countries there is no such thing. By differentiating the origin of a user you can have different authentication requirements in place.

There are people who have written patches to MediaWiki to support OpenID. OpenID is a protocol that allows for the use of authentication to other resources. This implies that people who are known elsewhere can use the same user and password to connect to a Wikimedia project.

Surfnet has in its A-Select software authentication software that does for many different ways of authenticating people. In essence, we already use authentication in a restrictive way. We block schools because of vandalism; we do not allow anonymous users to create new articles on the English Wikipedia.

We are investigating the integration of YADIS and the A-Select protocols. This will result in a bigger palette of using authentication as bumps in the road for vandals. I expect that by the time of Wikimania we will be able to explain what we can do and what we cannot do. I will also want to talk about privacy concerns that come up when authentication is used.

4Final edit

Full text