Access restriction for SPARQL Endpoint for Commons
Closed, ResolvedPublic
Actions

Assigned To

Authored By

	Gehel
	Apr 30 2020, 9:09 AM

Description

One of the problem we are facing with the current WDQS SPARQL endpoint is that it is functionally similar to exposing a raw SQL endpoint to the whole internet. We would never do that with SQL. For SQL we instead provide read-only replicas, which are restricted to WMCS. We need something similar, where we can have a little bit more control over what is accessing this new SPARQL endpoint, with the ability to contact abusive bots / users and block them selectively (as a last resort) when needed and the ability to better understand which use cases are. We want this authentication layer to be as light and as unobtrusive as possible. We're likely to iterate on what the best option is here.

Details

Subject	Repo	Branch	Lines +/-
Add logout location	operations/puppet	production	+5 -0
Correct url and path for nginx OAuth 1.0a	operations/puppet	production	+24 -20
Set max session cookie age and allow to be deleted	wikidata/query/rdf	master	+68 -8
Handle session with wcqs token	wikidata/query/rdf	master	+15 -8
Authenticate with MW oauth 1.0a for WCQS	operations/puppet	production	+33 -1
Handle oauth proxy settings	operations/puppet	production	+31 -1
OAuth Proxy for MediaWiki oauth plugin	wikidata/query/rdf	master	+463 -4
Handle oauth proxy settings	operations/puppet	production	+81 -35

Customize query in gerrit

Related Objects
Search...

Status	Subtype	Assigned	Task
Declined		dchen	T118706 Conduct heuristic evaluation of image upload and insert flow in VisualEditor
Open		None	T115858 Design improvements for mw.ForeignStructuredUpload.BookletLayout
Open		None	T115865 Insert image in content immediately after it's uploaded, skipping the "General settings" step
Duplicate		None	T115864 Figure out if the description of the image can be used as the caption on-wiki
Open	Feature	None	T53032 When inserting an image, set its caption by default to be the Commons image description
Open	Feature	None	T39534 Wikimedia Commons should support searching by color
Duplicate		None	T39535 Wikimedia Commons should support filtering by color
Resolved		None	T19503 Provide metadata support on Wikimedia Commons
Resolved		None	T51662 VisualEditor: Use Multimedia/Wikidata's proposed rich structured meta-data in the image insertion dialog
Resolved		None	T68108 [Epic] Store media information for files on Wikimedia Commons as structured data
Duplicate		None	T141602 [Objective Fiscal 19-20/Q4] (9) Provide a Proof of Concept SPARQL endpoint in support of SDoC project
Resolved		Gehel	T251488 [epic] Create minimal SPARQL Endpoint for Commons on WMCS
Resolved		• Zbyszko	T251498 Access restriction for SPARQL Endpoint for Commons
Resolved		• Zbyszko	T251499 Minimal authentication for SPARQL Endpoint for Commons
Resolved		• Zbyszko	T251500 oAuth authentication for SPARQL Endpoint for Commons

Event Timeline

Gehel created this task.Apr 30 2020, 9:09 AM

Gehel moved this task from Incoming to SDAW on the Wikidata-Query-Service board.Apr 30 2020, 11:04 AM

Gehel updated the task description. (Show Details)Apr 30 2020, 1:32 PM

Lea_Lacroix_WMDE subscribed.Apr 30 2020, 1:35 PM

• Zbyszko closed subtask T251499: Minimal authentication for SPARQL Endpoint for Commons as Resolved.May 28 2020, 3:34 PM

• Zbyszko added a project: Discovery-Search (Current work).Jun 15 2020, 5:20 PM

Change 605922 had a related patch set uploaded (by ZPapierski; owner: ZPapierski):
[wikidata/query/rdf@master] OAuth Proxy for MediaWiki oauth plugin

https://gerrit.wikimedia.org/r/605922

gerritbot added a project: Patch-For-Review.Jun 16 2020, 2:12 PM

Change 608633 had a related patch set uploaded (by ZPapierski; owner: ZPapierski):
[operations/puppet@production] Configuration code for oauth proxy

https://gerrit.wikimedia.org/r/c/operations/puppet/ /608633

Change 608824 had a related patch set uploaded (by ZPapierski; owner: ZPapierski):
[operations/puppet@production] Handle oauth proxy settings

https://gerrit.wikimedia.org/r/c/operations/puppet/ /608824

Change 608905 had a related patch set uploaded (by ZPapierski; owner: ZPapierski):
[operations/puppet@production] Authenticate with MW oauth 1.0a for WCQS

https://gerrit.wikimedia.org/r/c/operations/puppet/ /608905

Change 608824 abandoned by ZPapierski:
Handle oauth proxy settings

Reason:
Duplicated by:https://gerrit.wikimedia.org/r/c/operations/puppet/ /608633

https://gerrit.wikimedia.org/r/c/operations/puppet/ /608824

Change 605922 merged by jenkins-bot:
[wikidata/query/rdf@master] OAuth Proxy for MediaWiki oauth plugin

https://gerrit.wikimedia.org/r/c/wikidata/query/rdf/ /605922

Change 608633 merged by Ryan Kemper:
[operations/puppet@production] Handle oauth proxy settings

https://gerrit.wikimedia.org/r/608633

Change 608905 merged by Ryan Kemper:
[operations/puppet@production] Authenticate with MW oauth 1.0a for WCQS

https://gerrit.wikimedia.org/r/608905

Maintenance_bot removed a project: Patch-For-Review.Jul 3 2020, 4:10 AM

Change 609775 had a related patch set uploaded (by ZPapierski; owner: ZPapierski):
[wikidata/query/rdf@master] Handle session with wcqs token

https://gerrit.wikimedia.org/r/609775

gerritbot added a project: Patch-For-Review.Jul 6 2020, 11:55 AM

Change 609775 merged by jenkins-bot:
[wikidata/query/rdf@master] Handle session with wcqs token

https://gerrit.wikimedia.org/r/609775

Change 609909 had a related patch set uploaded (by ZPapierski; owner: ZPapierski):
[operations/puppet@production] Correct url and path for nginx OAuth 1.0a

https://gerrit.wikimedia.org/r/609909

Akuckartz subscribed.Jul 7 2020, 11:36 AM

• Zbyszko mentioned this in T257314: Add a Logout link to Wikimedia Commons Query Service.Jul 7 2020, 1:57 PM

Gehel moved this task from SDAW to Current work on the Wikidata-Query-Service board.Jul 13 2020, 12:38 PM

Gehel closed subtask T251500: oAuth authentication for SPARQL Endpoint for Commons as Resolved.

• Zbyszko claimed this task.Jul 13 2020, 12:39 PM

Main resource (/) is secure, but for some reason /sparql endpint is not.

Change 613127 had a related patch set uploaded (by ZPapierski; owner: ZPapierski):
[wikidata/query/rdf@master] Set max session cookie age and allow to be deleted

https://gerrit.wikimedia.org/r/613127

Change 613186 had a related patch set uploaded (by ZPapierski; owner: ZPapierski):
[operations/puppet@production] Add logout location

https://gerrit.wikimedia.org/r/613186

Change 613127 merged by jenkins-bot:
[wikidata/query/rdf@master] Set max session cookie age and allow to be deleted

https://gerrit.wikimedia.org/r/613127

Change 609909 merged by Gehel:
[operations/puppet@production] Correct url and path for nginx OAuth 1.0a

https://gerrit.wikimedia.org/r/609909

Change 613186 merged by Gehel:
[operations/puppet@production] Add logout location

https://gerrit.wikimedia.org/r/613186

CBogen moved this task from Incoming to In Progress on the Discovery-Search (Current work) board.Jul 22 2020, 2:32 PM

• Zbyszko moved this task from In Progress to Needs Reporting on the Discovery-Search (Current work) board.Jul 23 2020, 7:07 AM

Gehel closed this task as Resolved.Aug 17 2020, 12:45 PM

Access restriction for SPARQL Endpoint for CommonsClosed, ResolvedPublicActions

Description

Details

Related ObjectsSearch...

Event Timeline

Access restriction for SPARQL Endpoint for Commons
Closed, ResolvedPublic
Actions

Related Objects
Search...