This issue is to re-visit the HTTP Digest mechanism and how it interacts with the IdentityManager.

Firstly there is the validation of incoming requests, this can probably be solved by passing multiple paramters in a single credential.

However there is also the QOP issue and having sufficient information for the response.

Closely related is MD5-sess