A lightweight approach to WebApp HTTP authentication (the one that automatically pops up a login box). The username and password are encoded, but only with base64, which is trivial to decode, so the encoding offers no real security.
the id/pw is re-submitted with every request to that domain/host/port (realm?) until the browser quits.
There is no "logout" function possible
if you want to run multiple servers on different ports/hosts, that id can't follow along
you don't have a pretty login form to provide context around the fields themselves
there's no real standard of how to "do it" (patterns of user interface, or data management)
so automated tools (e.g. RssAggregator) can't log in (or am I wrong?)
note there is some agreement on the XmlRpc model
You probably want to support both models together. But I don't think this can be done all that smoothly...
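The first two notes above, shown as an added example (not part of the original page): the Authorization header is decoded with no key at all, and the same credentials appear in every request of the session. The host name wiki.example and the request text are constructed; the Aladdin credentials are the sample pair from RFC 7617.

```python
import base64
import binascii


def encode_basic(user, password):
    """Build the header value a browser sends after the login box."""
    if ":" in user:
        raise ValueError("user-id must not contain ':'")
    token = base64.b64encode(f"{user}:{password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")


def decode_basic(header_value):
    """Return (user, password), or None if the value is not valid Basic."""
    scheme, _, token = header_value.strip().partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        raw = base64.b64decode(token.strip(), validate=True)
        text = raw.decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    # Only the first ':' separates the fields; the password may contain more.
    user, sep, password = text.partition(":")
    if not sep:
        return None
    return user, password


def credentials_in_requests(raw_requests):
    """Scan raw HTTP request text and return the credentials each one carries."""
    found = []
    for request in raw_requests:
        for line in request.split("\r\n")[1:]:
            name, _, value = line.partition(":")
            if name.strip().lower() == "authorization":
                found.append(decode_basic(value))
    return found


# Constructed sample: two requests from one browser session over plain HTTP.
SAMPLE = [
    "GET /FrontPage HTTP/1.1\r\nHost: wiki.example\r\n"
    "Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==\r\n\r\n",
    "GET /RecentChanges HTTP/1.1\r\nHost: wiki.example\r\n"
    "Authorization: " + encode_basic("Aladdin", "open sesame") + "\r\n\r\n",
]
```

Because decoding needs no key, confidentiality for these credentials has to come from the transport (HTTPS), not from the header encoding.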