I had an idea: “Why not use the PHP Streams layer as an abstraction mechanism for a data access layer?”. After reading the PHP streams manual I can see no reason why this wouldn’t work. By using streams the boiler plater functionality of a request can then be distilled into standard file operations. Authentication and authorization can be handled by defining a uri scheme that follows the standard form of scheme://username:password@…. and calling getperems() on the uri. If username:password is invalid then getperms() would return false, else it would return standard unix permissions. It’s a very RESTful solution.