5.3.6 Web Server Set-up and Authentication

This standard does not define  an authentication mechanism for the Web Service-based communication between companies. Should the two parties require their communication to be authenticated, they are free to use any of the existing web-based authentication methods including, but not limited to, Basic Auth, HTTP Digest Authentication, HTTPS Client Authentication, OAUTH, etc.