Other streaming servers support access and authentication in a quite complete and probably nice way. We could either try to come up with something similar (they tried to make it similar to apache way) or try to look at alternatives.

Methods

There are two metods defined, plain and digest. We should implement just plain and put it over tls, digest is a bit complex and tls should be better from a security point.

Access lists

There are various ways to describe who has access to what, usually you either create a list with paths and the users that have access to them, sometimes you define groups of users and then use them with the before mentioned lists, sometimes you put a list of users next to the content or even INSIDE the content you want to restrict/grant the access to. Since reinventing the wheel while there are others already around more or less rounder it's pointless, it's better try to consider what others did for their needs:

• darwin and apache way [todo:describe it]
• lighttpd way [todo:describe it]

Since we are aiming on the small and slick niche I think we could consider more and more the lighttpd way.