afaik REST doesn't say anything about authentication mechanisms at all;
it primarily says that a resource should be identified by a uniq URL; so the floor & roomname would have to be part of the URLs;
its doable in some parts, parsing the URL (and message IDs) is a little trickier, since you need to find out whether the URL-Part identifies a part of a floor, roomname, message, or even sub-message.
though using different rooms in different browser tabs would be possible with that .
