I'd rather see an RFC written up with where we
want to go with user
auth. I know your idzeas differ from Aryeh's work on the issue, so
I'd rather see all that stuff worked out before more code gets put in
Just my opinion though.
I was planning on extending the current auto-auth code to support normal
core features like session checking and user creation. I can draft up an RFC
though. It'll be a good exercise for some of the future auth changes I want
to make ;).