=== Client authentication and authorization ===
The service needs to authenticate each client via HTTP basic authentication by a user name and a corresponding password. If an unauthenticated client tries to access the service, it will respond with a <code>401</code> (Unauthorized) HTTP error code.
Furthermore, the service must retrieve the authenticated user's role and object ownership and respect their respective values when returning collections and elements and acting on HTTP methods. If a client tries to get, modify or delete an element for which it is not authorized, the service will respond with a <code>403</code> (Forbidden) HTTP error code and include the actual authorization validation within the JSON error object.
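The following sketch of the 401/403 decision described above is an added example, not code from this specification. The user store, the <code>admin</code> role, the owner-or-admin policy, the 404 case and the JSON field names are all assumptions made for illustration.

```python
import base64, binascii, hashlib, hmac, json

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed sample data: user -> (salt, password hash, role); element -> owner.
USERS = {"alice": (b"s1", _hash("wonderland", b"s1"), "user"),
         "bob": (b"s2", _hash("builder", b"s2"), "user"),
         "root": (b"s3", _hash("toor", b"s3"), "admin")}
OWNERS = {"doc-1": "alice", "doc-2": "bob"}

def authenticate(header):
    """Return the user name for a valid Basic Authorization header, else None."""
    scheme, _, token = (header or "").partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(token, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    name, sep, password = decoded.partition(":")
    salt, stored, _role = USERS.get(name, (b"none", b"", ""))
    # Hash even for unknown names so response time does not reveal valid users.
    ok = hmac.compare_digest(_hash(password, salt), stored)
    return name if sep and name in USERS and ok else None

def handle(method, element_id, auth_header):
    """Return (status, headers, JSON body) for a request on one element."""
    user = authenticate(auth_header)
    if user is None:  # missing, malformed or wrong credentials
        return (401, {"WWW-Authenticate": 'Basic realm="service"'},
                json.dumps({"error": "authentication required"}))
    role, owner = USERS[user][2], OWNERS.get(element_id)
    if role != "admin" and owner != user:
        # Report the failed check using only the caller's own attributes;
        # the field names are assumptions, the owner's name is not disclosed.
        check = {"user": user, "role": role, "method": method,
                 "element": element_id, "required": "owner or admin"}
        return 403, {}, json.dumps({"error": "forbidden", "authorization": check})
    if owner is None:  # assumption: the page does not define this case
        return 404, {}, json.dumps({"error": "not found"})
    return 200, {}, json.dumps({"id": element_id, "owner": owner})
```

Because Basic credentials are only base64-encoded, the header is readable by anyone on the path unless the service is reachable over TLS only.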
=== Data interchange format ===