In light of the recent Zend framework announcement, Chris Shiflett has posted a wishlist of the things he'd like to see in their framework.

As has been widely discussed, Zend announced its PHP Framework this week. I wasn't invited to participate, so I think I can offer an unbiased opinion. The primary misconception seems to be that there is no code, and this isn't true. Although Zend thinks the framework is too immature to be released yet, it does exist.

I'm particularly interested to see whether this effort capitalizes on the chance to help PHP developers write more secure code. In addition to support for filtering input (which I'm told is included), here are some characteristics I'm hoping to see.

Some of the things he mentions include: something comparable to taint mode, protection against session fixation, CSRF protection, and simple and secure authentication and authorization mechanisms...

Anything anyone wants to add?