Regarding the isAuthorized function discussed at http://www.haskell.org/pipermail/web-devel/2011/000855.html, I believe it would be better if the second parameter was the method (GET, POST, ..) instead of a boolean indicating if it is POST or DELETE.