It would be great if we could use our current certificate structure to match with a user. For example match the Subject of a certificate with one user. This way the user does not need to view any login screen and enter any detail.

In addition to this it would be handy to also limit access by certificates only.

Just a mind brainstorm what could be done as well:
Apache Certificate authentication module, eg use apache to actually validate a certificate eg check not revoked, right chain and such and use the crowd backend to match it with a user