I’ve added you to the group.
Nearly all servers returns additional data in the subsonic-response already to indicate the type of server. And many report additional stuff in some or the other answers. Not talking about undocumented answers to not implemented endpoints. So we are already quite past the pure XSD implementation, currently there’s not even 2 servers that are 100% identical in their answer.
About auth, HTTP basic auth is the same as using enc: so would not really bring something, I would tend to say it’s even worse as all the tools scrape that data, while a subsonic specific parameter may not be (But anecdotal difference)
And in the end sending login and password requires the client apps to also store that, having tokens and/or API keys also brings user security to workaround the usual user that use the same login/password on many sites.
With that said, don’t know if it’s already the case but already supporting Explicit server name and version and Search3 endpoint clarification would be nice since all the other servers currently involved do support them and simplify client life a lot.