Using Zope for B2B. Partner websites take orders from their staff or clientel and relay those orders to us. So, the actual communications between these participating companies' servers and our own server are totally automated. Security exists at 3 layers : a) Host/IP - we've already filtered hosts that can connect to us based on IP. But, since IPs can be spoofed, we may buy hardware VPN solutions. (problem : hardware vpn can be expensive for our partners or even impossible if they are colocating) b) Protocol. At the moment I've got a prototype running with XMLRPC which was damned easy to create. However, there is no security mechanism built into XMLRPC (or at not that I can see). So, all data is transfered in the clear. c) The data/information itself. Since there is no authentication with XMLRPC, the data itself is encoded (using rotor and other simple python encryption modules) with a unique key that we will provide to each participating company/site. I really like using XMLRPC but is the above simply a disaster waiting to happen ? Would CORBA, HTTPS (ie using SSLeay), or SSH be better suited ? And is anyone already doing anything like this ? Thanks in advance, chas