Need Authorization for HTTP
Now that Mulgara can be put on the web, the write operations need to be locked down, else it cannot be deployed. For HTTP we will need to employ authorization through standard means.
Several questions come out of this. First, how should authorization be handled? In the database? In an external file? Second, should it be done on an operation basis (GET is safe, but PUT/POST is not) or on a graph-by-graph basis like Mulgara security used to employ?