Arvola, Whether or not BasicAuth is used as an aspect of the security for a web service/b2b agreement, storing the user and password information in a CPA would be a mistake. This sort of information should be recorded and stored external to the CPA document itself. Cheers, Chris Arvola Chan wrote: > > Dan: > > Thanks for pointing out the relevant use case. I was just trying to > find out if there is a need to augment the CPA with user and > password information to allow basic authentication to be performed. > > Do you think the 1.1 MSG and CPP/A specs need to be aligned > with respect to the issue of basic authentication? > > Regards, > -Arvola > >