Thanks for bringing this to the table.
There's definitely a need to integrate all of this stuff.
What we've done for external authentication is to provide a service contract-based mechanism for populating the standard OpenACS user profile data, namely first names, last name, email, screen name, home page, and bio. We plan to add portrait.
We've also added an API for updating this information in a safe manner with a complete transaction log of everything done. If data are invalid, we do not crash, but instead log an error in the transaction log saying what was wrong, so an admin can resolve it.
This API makes it very simple to write implementations that parse user data in any given format, and get it into the database. The driver for the IMS Enterprise format, for example, only takes 50 lines of code.
Existing bulk user upload functionality could probably benefit from using this API.
We haven't tried to tackle the issue of additional attributes that are not part of the hard-coded default OpenACS set of attributes.
But we would love to work with others to resolve this after the release.
To see our code, look at packages/acs-authentication/tcl/sync-procs.tcl.
This invokes some additional API for creating and updating local accounts in packages/acs-authentication/tcl/authentication-procs.tcl.