5.1 Security Considerations for Implementers

For all methods, the server is required to evaluate the authentication level and the security principal rights to invoke that method, and the server is required to fail the operation if the security requirements are not met.<3>