I don't know much about security. From the looks of the discussions here I'm not sure I want to. What I do know is that I can put stuff behind httpd's authentication modules and outsource that complexity to people who appear to know what they're taking about. Is there a way I can use OAuth with httpd's authentication modules? Google shows some preliminary rumblings about a mod_auth_oauth, but nothing recent. Is there some fundamental reason OAuth is incompatible with the tried and true mod_auth_* approach? cheers stuart -- Stuart Yeates http://www.nzetc.org/ New Zealand Electronic Text Centre http://researcharchive.vuw.ac.nz/ Institutional Repository