Break the account validation form up into two separate cases:
-add participants (behaves similarly to the traditional form)
-reset password (only allows you to change the password)
When you are added as a participant, the traditional page contained two forms, one to activate your account, the other to log in with an existing account. Improve the user experience by putting these forms on separate pages.
Provide a sakai.property to revert to the 'legacy' validation page (both forms on the same page, responds to add participants as well as reset-pass)
Password policy should be enforced according to UserDirectoryService.getPasswordPolicy() on the server as well as the client side.
UI as well as email templates need improvements.
There should be a time limit on password resets.
If account A has maintain in a site, and account B is added as a participant to the same site with access, then B transfers their memberships to A, A's role should remain as maintain.