Token-based authentication

Drupal embraces other technologies. It's a bit like universal glue. There's a proposal to add token-based web service authentication to Drupal.

I've been meaning to spend more time exploring service-oriented architecture since it seems to be all the rage lately. Getting a Little Closer to SOA was helpful and the chapter from Web Services and Contemporary SOA (Part II: Advanced Messaging, Metadata, and Security) was good.

I'm still not sure enough about how to express Drupal's architecture to map it into one of the traditional box-and-line figures to think about such things, though I'm thinking about it a lot as the Book takes shape.

I'd like to see Drupal have self-defining exportable content types (that's the elusive CCK), workflow for Drupal's main types (users, nodes, comments, and documents*), relationship-based data interchange (that's publish/subscribe), actions that are triggerable by multiple inputs (workflow state changes, cron, a poke with a sharp web service call), and views. I want Drupal to internally know the difference between doing things singly, e.g., a node_load() on each of the 4 nodes we're loading, and in batches (e.g. node_batch_load()). And I think everyone who installs a Drupal site should get a pony.

*Documents are files with a node to hold the metadata, e.g. images, MS Office documents.