Michael,
Thanks for your feedback. It's been incorporated into the doc.
A few comments:
c) Configuration
The term "service contract" is a technical OpenACS term, which corresponds to Java's "interface". It's a way of specifying an API between two software components, which lets you supply different implementations of the same API, the same interface.
As opposed to a legal "service contract" or "support contract" in which a technology company promises to uphold certain levels of service to the client.
The ext-auth doc is talking about the former type of service contract, the technical one, only.
I think a service contract (also called 'acs-service-contract') is the right approach to implementing the local account as well.
h) Password hash
This is how things work currently. I haven't mentioned this, since we're not planning on changing it.
i) Implementation list
Will do.
Thanks again.
/Lars