Well, you could create a md5 hash based on the username and time for example and send those thru via the url, if on the other end the expected variables pass, the user can be authenticated...