As a user I want to be able to use email addresses at domain names that have german Umlauts since they are allowed in domain names.

The current implementation of the email validator does not work with this.

As a user I want to be able to configure that the system is recognizing me again when I return with the same browser, so I do not need to login again.

As a user I want to see in every application that is connected to Cognitor what my current account in use is. So, the applications should be able to exchange my email address, so that I can see the email address I used to login in all systems.

As a user I want my information to be secure. The application should not provide the of data phishing.
This should help with this: http://openid.net/specs/openid-provider-authentication-policy-extension-1_0.html

As a user I want to be sure, that no one is misusing my account. Therefore I want to be asked for my credentials again, in case I was logged in with a remember me functionality before doing some serious actions.

This means, Cognitor needs to provide an extension, so a relying party can ask request the information how the user was authenticated and request a stronger authentication mechanism. This might also be useful if a third party login is ever considered.

As a company I want the main features of the application to be checked by automated web tests (Selenium).

The main features so far are:

• Registration
• Login

As a user I want to be able to change my password with a comfortable web gui.

As a company I want to store all passwords only as hashes in the database to increase the security for my users in the application gets comprimised by evil forces.

The password hashing mechanism should be configurable to support different sorts of hashing to support existing data.

Some classes seem to have changed. At least the server is not starting out of the box with the new version.

As a company I want information about the health status of my application. The application should provide basic monitoring data.

To be decided, what exactly is needed.

As a user I want to see when I did my last login, so I can see if my account was compromised.

As an administrator and as a business I want the application to be stateless. This allows horizontal scaling and, if multiple instances are running behind a load balance, an easy and fast deployment of new versions while maintaining the service.

As a company I want the data in my system to be valid and most accurate. The user should be able to verify its email address with an double opt in process. This means, that after the registration an email is sent to activate the account and verify the email address is working.

Maybe, this feature should be configurable, so that a double opt in is not a neccessarity in order to activate the account.

A successful forget password process should also count as an email verification.

As I company I want to be able to be informed about updates the user makes to his data, in order to keep it in sync with other applications that rely e.g. on the email address of the user. There should be a possibility to implement some hooks to connect the application to an enterprise service bus for instance.

As a user I want to be able to log out of the system or all connected systems where I was logged in.

As a company I want the login site to optically fit into the rest of my web application, so that the user is not afraid of entering the credentials. This requires that the login site can be customized.

As I user I want to set a new password in case I forget my current one. I want to receive an email with a link to a website where I can set a new password.

As I user I want to be able to chain my email address in case I changed my email service provider.