Ok, I’m going to tell you what I’m working on.
I’d like to add external authorization and/or an external roles provider. I’d like to use proxy_auth together with the new feature to do authentication and authorization. So, external authentication could be based on this feature.
I also thought about splitting ldap_auth into ldap_authentication and ldap_authorization rules. Then we could compose authentication with authorization rules (e.g. authentication by reverse proxy with ldap authorization).
But there is more to do here … IMO it is high time to think about the order of rules. In my case I have to be sure that the authentication rule will be checked before the authorization rule - so the second rule depends on the first.
A general cached auth rule is also a great idea, because the new async auth rule should also have some kind of caching (optional, of course). So, ldap caching has to be generalised.
At the moment I’m working on the external roles provider. When I finish (next week I’m going to deliver the feature), I can help with the rest of the things I was writing about.
But IMO the order of rules & their dependencies should be discussed before starting development because it’s not such an easy task to do it right.