I was thinking about this recently too. Though I started thinking from the login form perspective.
Things we should have: - Good build-in support for both single-authentication (everyone is in the user database, or everyone in ldap, etc...) and multi-authentication (some users are local, some are OAuth, others may be LDAP) and also the possibility of multiple auth types for one user. - A real abstract login form that lets extensions and auth systems simply add fields to the login/creation form without having to re-implement it and not work with other similar extensions. -- Perhaps also some meta information from auth plugins that let us say on the login form that a wiki is using LDAP or something. - Explicit support for auth systems using something other than the username. - Real support for auth systems involving a 3rd party. ie: Involving redirects such as OAuth, OpenID, and simple 3rd party login where the login link directs you to the login page of some forum, you get sent back, and somehow the extension knows what the session is. - Login form support for multiple authentication systems on the same wiki, incl. support for OAuth and OpenID like logins.
That last one was the tricky one to figure out.