Hard Infrastucture tasks
Implement OpenID Connect
Our current auth system on master is outdated and cumbersome. Something like OpenID Connect (not the broken OpenID 1.0, of course) would make a lot of sense for us.
Easy Infrastructure tasks
The current posttohost() function used in various places to post stuff back to master does not support SSL. Rewrite this using internal streams and once done fix the master config to not accept anything over non-SSL.
Password handling on master is pathetic
Barring a quick OpenID Connect implementation as per above, clean up password handling on master to not use crypt/md5.