Hi all- With respect to the Plugfest, I need to define the authorization specifics we will use for all the requests. The Plugfest guide says we will only have one authorized credential: A "shaman" is a god - it can do anything/everything. My intent in the interop was simply to show that basic authorization *was* being performed in the proper places and consistently across al implementations: If the shaman credentials are presented, it should pass authorization. If any other credentials are presented, they should fail authorization. I didn't want to push the teams too hard on the particulars at this time, but perhaps this is easier than I think. We need to define the sessionSecurity field for the interop. John, or anybody else,... Any suggestions for a simple test auth field? Thanks Jerry