Hi, I think there was some confusion on what I ment with the web service token authentication. A few people have pointed me at single sign on stuff which isn't what I was talking about. Essentially, I wanted to create a way so that clients using the web service weren't always Anonymous users. They can authenticate against the local user database, and become whoever as long as the username and password is correct. When they authenticate (over the web service), they get sent back a session id. Any additional requests are done to /xmlrpc.php?token={session id} and drupal will log them in automatically as that user. I'll submit the patch to the drupal.org for review. -- blog: http://www.mostlygeek.com