To Do
=====

* I think I've recreated PEAK bindings, without entirely intending
  to.  But they are really simplistic.

* Handle BadRequestError exceptions better.  E.g., 404 should become
  an AttributeError.

* Some kind of authorization.  Generally authorization can be done by
  middleware, but there's also, say, read-only objects (where PUT and
  POST are restricted).  Middleware can also protect these methods,
  but some non-middleware technique or hook would be convenient.
