Wikipedia:Account Verification

Configurability
With respect to account verification functionality, system administrative options for configuring installations of MediaWiki are envisioned to include, but to not be limited to:


 * Whether or not to activate the account verification features for a MediaWiki installation or upgrade.
 * Whether account verification is required or optional for their new and existing end users.
 * Which from an extensible list of social login or OpenID Connect providers can their end-users utilize to verify their account.
 * How many social login or OpenID Connect providers must their end users link to their account for corroborative account verification.
 * Whether their verified end users can choose whether to display their real names or utilize pseudonymous usernames.
 * Whether their verified end users can choose whether to provide hyperlinks to their connected account pages on their user pages.
 * Whether their administrators have a page protection mode such that only verified end users can edit a thusly protected page.
 * Whether their administrators can suspend or revoke verified end-users' account verification privileges.
 * Whether to display a verification checkmark next to the edits of verified end-users and next to their usernames on their user pages and which graphic icons to utilize.

Configuration options for MediaWiki system administrators and subsequently contingent configuration options for end users can maximize utility for all parties concerned across a large number of MediaWiki use case scenarios.

Account verification on Wikipedia
With highly configurable MediaWiki functionality, Wikipedia could choose whether and configurable how to utilize account verification features in a manner that exactly aligns with their policy.

Page protection
With account verification, Wikipedia administrators could be equipped with a page protection mode such that only verified accounts could edit a protected article or category of articles. Rationale for such page protection modes include the rationales of semi-protection and extended confirmed protection.

Good standing
With account verification, Wikipedia administrators could be equipped with the capability to suspend or revoke end-users' account verification statuses.

Proponents
Proponents of account verification on Wikipedia maintain that it, and resultant administrative tools, would mitigate:


 * Sock puppetry
 * Multiple accounts
 * Conflict of interest editing
 * Advocacy editing
 * Propaganda
 * Bots
 * Griefing
 * Trolling
 * Spamming
 * Vandalism
 * Fake news
 * Misinformation / Disinformation
 * Political manipulation
 * Election interference

Opponents
Opponents of account verification on Wikipedia have concerns including:


 * Protecting anonymous contribution
 * Protecting data privacy (account verification processes may entail the storage of end users' real names as users choose to verify their accounts)
 * Real-name policies run afoul of long-standing Internet culture and conventions
 * Real-name policies may disadvantage or endanger marginalized users or victims of violence or harassment
 * Real-name policies are insufficient for preventing spam
 * Real-name policies are insufficient for preventing trolls

OpenID Connect
The OpenID Connect 1.0 specification defines a set of standard claims. They can be requested to be returned either in the UserInfo Response, per Section 5.3.2, or in the ID Token, per Section 2.

The table below indicates the set of standard claims and is from Section 5.1 of the OpenID Connect 1.0 specification.

Corroborative account verification works with the standard set of claims. The OpenID Connect 1.0 specification indicates in Section 5.3.2 that the claims defined in Section 5.1 (the table above) can be returned as can additional claims not specified there. See also: Section 5.5.

Some ideas for additional claims are indicated:

Facebook Login
From the Facebook default fields (https://developers.facebook.com/docs/facebook-login/permissions/v3.0#reference-default_fields):

A field from the basic permissions category (https://developers.facebook.com/docs/facebook-login/permissions/v3.0#basic-permissions):

A field from the larger set of the Facebook extended profile (https://developers.facebook.com/docs/facebook-login/permissions/v3.0#reference-extended-profile):

LinkedIn Login
From the LinkedIn basic profile (https://developer.linkedin.com/docs/fields/basic-profile) data, to access any of the following basic profile fields, your app must request the  member permission:

The following member fields require the  member permission:

Related solutions

 * mw:Extension:SocialLogin
 * mw:Extension:OpenID Connect

Related topics

 * A proposal to add external login to Wikipedia
 * A Wikipedia credentials policy discussion
 * A proposal to improve MediaWiki's blocking tools
 * A proposal for granular types of blocking