Secure Wiki

Wiki aims to be welcoming. The user experience greets the user from the first page, with an invite to write. This very act is an invitation to engage in insecure Behaviour. The idea that you can write on a site without appropriate credentials is a a transgression of best security practice. Wiki and security are uncomfortable bed fellows.

Here we bring together thoughts and ideas regarding securing wiki. This is not a discussion of security for securities sake, here we are more concerned with achieving certain structural (the proper term is political) features of wiki as a Distributed Knowledge Architecture.

Here we look at issues to do with Authentication and Security in Federated Wiki.

# Current thinking

Fedwiki currently has a pull-only, one domain-one author philosophy which cuts down on spam.

# Pull-only

Fedwiki strives not to push content to other authors sites. An author must explicitly find then fork content to be notified of what is happening in the federation, or to change content on their site.

These two aspects should best be considered separately: - Don't notify me - Don't touch my content

The combination of both these principles (with subtle and minor modifications), results in a security model which does not have to contend with the unwanted attention of spammers, or those that the author does not wish to be informed about.

Suggestions

This is work in progress, but a suggestion here is to use Capability URLs, and also separate authoring from viewing interfaces somewhat.

Given you know the url you have access to the ability to write to that domain. If you are concerned that other people may have a copy of the url, or you just want to renew / refresh your "password" - you can revoke the old url, and get issued with a new one.

These url's are impossible to guess, and are not crawled. It should be possible to set up a domain that generates and manages these Capability URL's and enables Fedwiki users to use them to gain the ability to author their sites in a way that does not have the problems abaove.

# Evolving security Essentially we are looking on establishing a deliberately insecure architecture, that we might call eventual security, one that focusses on the meta-question of evolving security and identity - rather than static snapshots in timme.