How do I secure an OData service?

OData is great because it's simple.

However, I don't see any security specification for OData.

What is common pr开发者_如何学JAVAactice? HTTPS + (username, pwd)

There is mentioned in the spec, it is similar to Atom publishing protocol. So security definitions for both are same.

OData Spec (section 5)

The Atom Publishing Protocol is based on HTTP. Authentication can be done HTTP Authentication like Basic and Digest Access Authentication The use of authentication mechanisms to prevent POSTing or editing by unknown or unauthorized clients is RECOMMENDED but not required.