Ok Ralph, I'll speak up:

>Here's where I think we are:
>Is this close?

Your summary seems fine.

>is pica implementing SRU?
Pica is busy implementing SRU (and if possible SRW too). I hope to have a
full implementation shortly after the specs are fixed. It is important for
us (due to our architecture SRU is nicer than Z39.50)

>are we polite with sessionID's?
Normally the first correct contact with the server will result in a returned
sessionID. As long as the sessionID is valid, repeated requests will result
in the same sessionID being returned. (we can hide the ticket office).

(session) Cookies are fine, special for XML in browser environments. In case
of non browser applications it is bit of a mute point. To the server
application "POST" forms, "GET" forms and cookies are almost equivalent.
They all are name/value pairs. I would accept sessionID's in all these

>alive time sets
Sets will be gone when the sessionID is gone (actually slowly fade away)

Rob Koopman