GridSite Grid Security for the Web
Web platforms for Grids


GridSiteWiki

GridSiteWiki is a version of MediaWiki - the same software used by Wikipedia, but with user authentication based on X.509 certificates rather than usernames and passwords.

GridSiteWiki is used to provide the informal documentation area on this website, and the source code is available under the same terms (the GNU GPL) as MediaWiki itself.

See the GridSiteWiki section of the download area for tar files and patches against MediaWiki.

Quick HOWTO

  • Set up a throwaway normal MediaWiki first: follow the instructions in the MediaWiki INSTALL guide to check your MySQL setup is OK. (Pay special attention to NOT using MySQL 4.1.x!!!) Use their web-based procedure.
  • Clean up by removing the directory you created, and DROP'ing the wiki database at the MySQL command line.
  • Install the GridSiteWiki files, either from the .tgz file or by using the large .patch to modify the MediaWiki files themselves.
  • Use the web-based procedure as before, but now give the X.509 DN of the Sysop account instead of a password. (GridSiteWiki stores X.509 DNs where MediaWiki would store a password, for each account.)
  • MediaWiki's Localisation and Rewriting (removing index.php) guides are very useful.

What we've changed

The fundamental change to MediaWiki is to store the X.509 DN of each user instead of their password. Since the Wiki expects to use relatively compact usernames ("Andrew McNab"), the X.509 DNs themselves are not suitable for use as usernames. Instead, we obtain the DN from the web browser / webserver transaction and use that wherever MediaWiki would have obtained the password from an HTML form.

By systematically doing this, we get a system that avoids the need to remember or present a password (if you have your X.509 certificate loaded), but allows people to sign their articles using something close to their personal name. We use the Common Name part of the DN to pre-populate the username fields of the HTML sign-up or login form, but allow users to manually edit it, since more than one user may have the same Common Name.

By reusing the change password form in user preferences, we now also get the ability to change the X.509 DN associated with a membership, without losing the continuity of identity associated with creating a new username.

Consequently, the bulk of the changes to MediaWiki are to the form templates and the language localisation strings ("password" becomes "X.509 DN" etc.). We've only done this for English (languages/Language.php) so far, but it would be a relatively straightforward process for speakers of other languages to apply the same changes to their own languages/LanguageXX.php file.
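
The DN handling described above can be sketched as follows. This is an added example, not GridSiteWiki's own code: it assumes Apache mod_ssl exports SSL_CLIENT_VERIFY and SSL_CLIENT_S_DN to PHP, the function names are hypothetical, and the sample DN is constructed.

```php
<?php
// Added example, not GridSiteWiki code. Assumes Apache mod_ssl exports
// SSL_CLIENT_VERIFY and SSL_CLIENT_S_DN; function names are hypothetical.

// Return the subject DN only if the web server verified the certificate.
function verifiedClientDn(array $server): ?string {
    if (($server['SSL_CLIENT_VERIFY'] ?? 'NONE') !== 'SUCCESS') {
        return null;
    }
    $dn = trim($server['SSL_CLIENT_S_DN'] ?? '');
    return $dn === '' ? null : $dn;
}

// Split a DN into [type, value] pairs, root first. Handles the OpenSSL
// "/C=UK/O=..." form and the comma-separated "CN=...,O=..." form.
function dnComponents(string $dn): array {
    if (strncmp($dn, '/', 1) === 0) {
        // Split only on a "/" that starts "TYPE=", so "CN=host/www.example.org" survives.
        $parts = preg_split('#/(?=[A-Za-z][A-Za-z0-9.]*=)#', substr($dn, 1));
    } else {
        // The comma form lists the most specific component first; reverse it.
        $parts = array_reverse(preg_split('/(?<!\\\\),/', $dn));
    }
    $pairs = [];
    foreach ($parts as $part) {
        [$type, $value] = array_pad(explode('=', trim($part), 2), 2, '');
        $pairs[] = [strtoupper($type), $value];
    }
    return $pairs;
}

// Username suggestion for the sign-up or login form: the most specific CN.
// It is only a pre-filled hint the user may edit, never the credential.
function suggestedUsername(string $dn): string {
    $cn = '';
    foreach (dnComponents($dn) as [$type, $value]) {
        if ($type === 'CN') { $cn = $value; }
    }
    return $cn;
}

// Login check: the full verified DN stands where the password would be compared.
function dnMatchesAccount(array $server, string $storedDn): bool {
    $dn = verifiedClientDn($server);
    return $dn !== null && $dn === $storedDn;
}

// Constructed sample request environment.
$server = ['SSL_CLIENT_VERIFY' => 'SUCCESS', 'SSL_CLIENT_S_DN' => '/C=UK/O=Example Grid/CN=Jane Example'];
echo suggestedUsername(verifiedClientDn($server)), "\n";
```

The editable username comes only from the Common Name, while the account match uses the whole DN, so two users with the same Common Name still map to different accounts.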


Last modified Sun 22 May 2005
Built with GridSite 1.4.3
Funded by:   GridPP   STFC   JISC   University of Manchester