I think the issue is that while BEEP can be made to fit our needs, as
can many other things, it seems slightly contorted, and it might well
be easier to define exactly what we need. That's where the discussion
is, thus far. I'd be interested in hearing opinions about "I could
build OCP on BEEP in X weeks". That was a problem with ICAP - it could
almost be built cleanly on HTTP with little work, but that then little by
little it drifted away.
I don't see that BEEP provides any particular help for security.
I think that we definitely need to be XML-free in the sense of being
able to write the header parsing code using a few simple, efficient C
routines. It's OK if a full-weight XML parser can also do the job -
this isn't angle bracket phobia, just a desire to spend more CPU time on
actual OPES services than on header parsing.