With regard to the authentication changes:

Do you have anything particular in mind? We've been looking into OAuth2 [1], which looks like a reasonable replacement at a first glance.

[1] http://tools.ietf.org/html/rfc6749

On Apr 9, 2013, at 2:23 PM, Darran Lofthouse <darran.lofthouse@redhat.com> wrote:

+1 Although we have always had a pending task to add true support for
cross origin requests we never actually had justification that they
would be used or were actually needed.

These changes in distribution and the dmr.js now provide that justification.