Regarding Draft -08. See also PaceFixSecurityConsiderations
Support Basic Authentication.
There is no justification for excluding Basic authentication.
Change section 13 to:
All instances of publishing Atom Format entries SHOULD be protected by authentication to prevent posting or editing by unknown sources. Atom Protocol servers and clients MUST support one of the following authentication mechanisms, and SHOULD support both. o HTTP Basic Authentication [RFC2617] o HTTP Digest Authentication [RFC2617] o CGI Authentication Atom Protocol servers and clients using HTTP Basic Authentication SHOULD support encryption of the session using TLS (see [RFC2246]). Servers and clients using other autentication methods MAY support encryption of the session using TLS. There are cases where an authentication mechanism might not be required, such as a publicly editable Wiki, or when using POST to send comments to a site that does not require authentication from a commenter.