Peter, > Yes, the thought is that this *could* be used for server-to-server > authentication because it is a generalized auth mechanism. Then can I suggest the JEP either mentions this, or removes specific refrence of it being a client-to-server mechanism, to save a revision in the future? Regards, -- Oliver Wing