All, I'm just a country boy raised on mashed potatoes and Zope 2.1.6. The new security model up here in the bright lights/big city world of Zope 2.2.4 has me all confused:-) I have an external method that returns an object. I have a dtml method that tries to reference an attribute of that object. The attempted attribute reference causes the HTTP authenticate dialog to appear. No username/password seems to appease it. Here is the relevant part of the DTML: <dtml-call "REQUEST.set('foo',testexternal(REQUEST,RESPONSE))"> <dtml-var "foo.X"> Here is the external method "testexternal": class AClass: def __init__(self): self.X = 1 self.Y = 2 def testexternal (self,REQUEST,RESPONSE): A = AClass() return A Thanks in advance, Sean McGrath