Comment by jddj

The first point (authn) is inherent to the unextended framework via filter rules.

Most of the remainder requires extension other than authz emails, but extension at its simplest just means adding a plain old JavaScript function to run on a record lifecycle event of some kind - typically [before/after] [insert/update/delete] of <record>. Various GO APIs are exposed to the JavaScript runtime for doing filesystem, cryptography, http, email, etc work.

For i18n you have templates and a database.