* Minimal authn level system (choice only)
* (2ndF/OTP mail)
* Combination/Choice for password (using session data)
* Combination: reinitialize password without being authentified
* (Twitter, Facebook,… => no UserDB)
* Menu: how to calculate rights for SAML icons (with internal rules)

3.0:
* tab plugin for menu
* Real federation
* Unify SAML/OIDC presentation in Choice
* Read-only manager
* Register to do
* Brute-force detection ?

* Add new SMTP params
* unhandled parameters:
  * issuerDB\*Rule
* securize SOAP session creation by cipher
* Verify securedCookie=3 (strange)
* Calendar in notifications explorer
* Test for Zero
* "mail" in UserDB/\*
* verify activeTimer on/off on screen
* Add test for #173

# Combination

* detect changes
* diff()

# Password

* Enable it during auth