Relsi, i have not done xml-rpc with iphone, but i know that the iphone will accept and store a cookie, so you could do an oauth implementation where the deice logs in and gets a cookie which is then submitted with each request.
i have done the DB (web2py) side of an iphone app that makes use of the authorization header with a custom validation (i dare not say authentication) mechanism. once there is a nice clean solution i'm sure massimo would take a patch to update core web2py. :) christian
