Also, at some point we want to get an OpenID-like system for RAS
that could be used by CitEc and others.

Yes. I already suggested this as a development point.
But until then, I want something that work here and now.
Do you agree with ssl mysql access?

Dan should be able to tell you whether this is OK here.

This can't be a long-term solution, but we can do this until an OpenID-like system can be setup.