I've been working on the Basic, Digest and Wsse authenticators for Meditation (they'll be available in the upcoming version 0.6). I was having some problems with the digest authentication. It is particuarly difficult to debug digest authentication, especially if the authentication fails, because there could be a variety of reasons why things have gone pear shaped. Is your nonce screwey? have you got the header properly set up?

The simplest method I have found is to add a new response header (I used "X-Meditation-Debug") and in that header, output any needed debugging information. Then you can use the Live HTTP Headers firefox extension to inspect what is being passed on both the request and response. Along with the Web Developer extension to clear any existing HTTP authentication, this makes a powerful combo.

I think that the next version Lily will have an option to output X-Meditation-Debug headers at a particular level, say 0-5 for user levels (so application builders can debug their application) and 6-10 for internal debugging.