@stijn - The intention of the first authorize is to authenticate the user (which http calls authorize). The intention of the authorization is to add privileges, roles, etc.

okay makes sense

@stijn: I'll be focussing on security over the coming weeks so it's likely to change. I've just finished the async post and multipart work, which required me to throw away 2 weeks of code and start again, but finally I'm done with it

@malcolmsparks: ah cool, i'm starting to build video upload