Authentication

[jonathanrobie]

Assuming that the implementation wants to maintain control over who can create and modify server data, the new token parameter also allows for token-based authentication (as with OAuth 2.0) if desired. It is up to the implementation to decide how such tokens should be generated and processed.

Authentication is orthogonal to updates. Different environments may want to do this in different ways.

[monotasker]

Yes. I believe including "token" as an optional parameter just provides space for a standard way of handling auth. I stress that it's not required. On the other hand, if an implementation is going to use token strings for auth I think there's value (for interoperability) in having a standard param name for that string. That way we can, say, build a generic editing interface that works with any provider that authenticates using a string token.