6.4.4 Web Service Set-up and Authentication
This standard does not define an authentication mechanism for the web service-based communication between Metadata Provider and Release Distributor. Should the two parties require their communication to be authenticated, they are free to use any of the existing web-based authentication methods including, but not limited to, Basic Auth, HTTP Digest Authentication, HTTPS Client Authentication, OAUTH, etc.