The problem with it is that you can't cache it in an intermediate server, like Varnish or Squid. You have to `Vary` on the authentication header, and with a counter that increments every request, it invalidates the cache every request.

Better is Basic over SSL, since the Authentication header never changes.