To Do

• I think I've recreated PEAK bindings, without entirely intending to. But they are really simplistic.
• Handle BadRequestError exceptions better. E.g., 404 should become an AttributeError.
• Some kind of authorization. Generally authorization can be done by middleware, but there's also, say, read-only objects (where PUT and POST are restricted). Middleware can also protect these methods, but some non-middleware technique or hook would be convenient.