For 3.0, I think this question might be generalized to whether thought is being given to multitier, pluggable authentication. For example, I’ve heard of desires for authentication via:
- local accounts
- Shibboleth
- LDAP
- OAuth (such as ORCID)
All of these could potentially live side-by-side in a single instance.