...
- For the SOAP API (all read-oriented and write-oriented methods), always require authentication.
- For the REST API, on a per-verb basis (POST/PUT/DELETE/GET), offer the following options at install time:
- Proactive Challenge: Always require authentication.
- Reactive Challenge: Only require authentication if an un-authenticated request failed due to AuthZ rules.
NOTE: This is being tracked as FCREPO-668