I am working on an oai server right now and the people that own the information don't want it getting in to just anyone and everyone's hands. I satisfied this using some simple http protocol level authentication. What I am woundering is if people writing harvesters out there are implementing username/password support at all. Thanks, Josie Imlay