Changes

The service needs to authenticate each client via HTTP basic authentication by a user name and a corresponding password. If a unauthenticated client tries to access the service, it will response with a <code>401</code> (Unauthorized) HTTP [[#Error_codes_and_responses|error code]].

Furthermore the service must retrieve the authenticated users role and object ownership and respect their respective value when returning collections and elements and acting on HTTP methods. If a client tries to get, modify or delete an element for which it is not authorized, the services will response with a <code>403</code> (Forbidden) HTTP [[#Error_codes_and_responses|error code ]] and includes a descriptive authorization validation message within the JSON error object.