The authentication mechanism follows WS-Light binding principles. The server is authenticated using an X.509 certificate over TLS. Clients authenticate using either HTTP Basic authentication methods over HTTPS. This ensures secure communication and client identity verification.