I'm preparing to use Federated Wiki in an introductory Information Sciences class that I'm teaching in the Spring, so I'll need to set up a wiki farm where about 30 students each have their own federated wiki.
Mike Caulfield has a great post about setting up a FedWiki for teaching.
Creating a wiki farm and pointing to it with a wildcard in an "A" DNS record allows anyone on the web to create a wiki and start adding content.
*.fedwiki.jeffist.com A 123.234.345.456
Creating individual DNS records instead of using a wildcard still leaves those pages open for anyone to navigate to the URL and start editing until each page is claimed using email authentication.
bob.fedwiki.jeffist.com A 123.234.345.456
alice.fedwiki.jeffist.com A 123.234.345.456
On one hand, this leaves me a little concerned about what kind of nefarious content might conceivably be anonymously uploaded to an institutional server by random internet users until all of the wikis are locked down.
On the other hand, does locking this down reduce the intrinsic capabilities and benefits of fedwiki as a collaborative tool? What if a student needs two sites?
One tedious solution might be to create an individual DNS entry for each student (as described above) and keep the server port closed to outside web traffic until each wiki has been claimed?
(I'm @jeffist on Twitter if someone without a FedWiki would like to join in the conversation)
Mura Nava: I was also thinking about the owning site issue that Jeff brings up and how it relates to security of fedwiki.
If someone signs into a wiki that is not supposed to be theirs, does one simply wait till they log off to reclaim? What happens when you log off? How does a site operator reverse a claim?
See Claim Denied
Paul Rodwell: Nick Niemeir records some thoughts/ideas about this in Closed farm. I added some thoughts around two different ways to use DNS and nginx to prevent unwanted site creation.
Thinking about it, using a wildcard DNS entry and detailing the allowed sites in a reverse proxy's configuration is something that could be scripted together with claiming a site for the intended user.
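
An added example, not part of the original discussion or of Federated Wiki's own code, of scripting the wildcard-DNS-plus-reverse-proxy allowlist described above: it turns a class roster into an nginx configuration that proxies only the listed student hosts and drops every other name the wildcard resolves. The upstream address 127.0.0.1:3000, the plain HTTP listener on port 80 and the function names are assumptions.

```python
import re

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")

def allowed_hosts(names, domain):
    """Turn roster entries into wiki hostnames under the operator's domain.

    Anything that is not a plain DNS label is rejected, so a roster entry
    cannot smuggle a wildcard, whitespace or nginx syntax into the config.
    """
    hosts = []
    for raw in names:
        name = raw.strip().lower()
        if not LABEL.fullmatch(name):
            raise ValueError(f"not a valid subdomain label: {raw!r}")
        host = f"{name}.{domain}"
        if host not in hosts:          # ignore duplicate roster entries
            hosts.append(host)
    if not hosts:
        raise ValueError("roster is empty; refusing to write an allowlist")
    return hosts

def render_nginx(names, domain, upstream="127.0.0.1:3000"):
    """Render nginx config: allowlisted hosts are proxied, all others dropped.

    upstream is an assumed address for the wiki farm process.
    """
    hosts = allowed_hosts(names, domain)
    return "\n".join([
        "# Catch-all: wildcard DNS resolves every name, but a Host that is",
        "# not listed below is refused before it reaches the wiki farm.",
        "server {",
        "    listen 80 default_server;",
        "    server_name _;",
        "    return 444;",
        "}",
        "",
        "server {",
        "    listen 80;",
        f"    server_name {' '.join(hosts)};",
        "    location / {",
        f"        proxy_pass http://{upstream};",
        "        proxy_set_header Host $host;",
        "    }",
        "}",
        "",
    ])

if __name__ == "__main__":
    # Constructed roster using the two example names from the page.
    print(render_nginx(["bob", "alice"], "fedwiki.jeffist.com"))
```

A student who needs a second site gets one by adding another roster entry and regenerating the file; no DNS change is required because the wildcard record already resolves the name.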