Mark Pilgrim describes his implementation of a REST API for Atom, the RSS successor being developed by various folk. This appeals to my URL designer sensibilities and includes a nice example of how to use XML document responses containing URIs as part of an interface.
An interesting proposal in the document is a method of using a variation on HTTP digest authentification as part of the API. His method guards against replay attacks and avoids sending cleartext passwords over the net. It’s a neat idea which could be usefully copied for CANTCL