Kerberos and PKI and proper LDAP and ERP integration are all well and good for MIT and the few dozen schools of similar size with similarly professional IT staff and existing investment in enterprise systems, but I see a lot of value in software that an undergraduate programmer can install on their own Linux box and become productive with in less than a year.
WebCT is losing a lot of customers by going the enterprise route with Vista. There is no way we are going to pay $200K+ for unproven software. Based on customer reaction, WebCT recently announced that they were going to continue accepting in the neighborhood of $7K for their current Perl product after all. Now, we want to get away from WebCT because we don't think their abandonware is worth $7K, but the fact that they were forced to revoke their "Vista or the highway" decision tells you something.
I *do* agree that it is critical to interoperate with general campus identification/authentication systems and course registration systems in some well-defined way. Many Brandeis professors requested WebCT courses last semester merely because that was a (mostly) supported way of feeding dynamic course lists to them.
I don't know how important IMS is. A clear API and/or something as simple as CSV import/export could do just as well.
I do think that the central USERS table (acs 3) and PARTIES (acs 4) is a problem for integration. That's one of the reasons we're not rushing into dotLRN.
We will see how things go next semester, but I suspect that our most popular course management system this year might become Sympa (sympa.org), a mailing list manager with file upload (think Yahoo Groups) and LDAP/database integration features. The database integration is very simple-minded -- basically just two denormalized tables -- but it gives us a clear way to authenticate users to LDAP and keep course lists in sync with our legacy student registration system.
Most professors don't want to mess with online quizzes and the like. They don't care about web design. They just want an easy-to-use place to share documents with their students. They don't want to have to add/drop people; that's the registrar's job. Yes, online grading would be *nice*, especially in a few large lecture courses, but not really critical.
Having ACS delegate username/password or even X509 cert authentication to another system is trivial -- just a few-lines change to register.tcl. On my.brandeis.edu we just fork off a Perl script. Cheesy, but why bother with ns_ldap if you're only going to use it once per login? Now, if you're going to replace the entire USERS/PARTIES system so that you can expire/rename users based on enterprise data -- but that's not ns_ldap, that's a fundamental redesign of the data model and potentially thousands of lines of TCL.