> The way I've been thinking about it has been that the REST interface currently > in the core engine is essentially an unprotected administrative interface. I see... Another (interesting?) question is how do you encode data esp. if an email address or username contains a slash (/) character. -- Fil