A1.2: The protocol allows for authentication and authorisation where necessary

FAIR does not mean open. You're certainly allowed to authenticate and to authorize. The HTTP protocol is pretty great for this.
A brief dip into the world of HTTP auth. The Authorization request header. The WWW-Authenticate response header. Basic authentication. Bearer-based authentication. Authenticating securely. Shared secrets versus asymmetric encryption (for non-repudiation).