> >> 1. Create a random Nonce(or string)
> >> 2. create the token by doing Base64(sha(nonce + timestamp 
> + password)

FWIW, when I used the values in this example:

http://www.xml.com/pub/a/2003/12/17/dive.html

It came out right:

===================
irb(main):020:0> nonce = "d36e316282959a9ed4c89851497a717f"
=> "d36e316282959a9ed4c89851497a717f"
irb(main):021:0> time = "2003-12-15T14:43:07Z"
=> "2003-12-15T14:43:07Z"
irb(main):022:0> Base64.encode64(Digest::SHA1.digest(nonce + time +
"taadtaadpst
csm")).strip
=> "quR/EWLAV4xLf9Zqyw4pDmfV9OY="
irb(main):023:0>
===================

So I think we're close...

Yours,

Tom