* Enforce the storing of sensitive information (such as passwords) in
  the Apache configuration file.
* Encrypt data in the OpenID store.
* Support sessions.
* Support user preferences such as:
  - the choice about logging in to known sites
  - what personal data to send by default
* Support fine grained control to what personal data gets sent to the OpenID
  consumer.
* Support other identity backends (pam, sql).
