As previously stated, authentication parameters are opaque, but open-ended to the rest of the RPC protocol. This section defines two standard "flavors" of authentication. Implementors are free to invent new authentication types, with the same rules of flavor number assignment as there is for program number assignment. The "flavor" of a credential or verifier refers to the value of the "flavor" field in the opaque_auth structure. Flavor numbers, like RPC program numbers, are also administered centrally, and developers may assign new flavor numbers by applying through electronic mail to "firstname.lastname@example.org". Credentials and verifiers are represented as variable length opaque data (the "body" field in the opaque_auth structure).
In this document, two flavors of authentication are described. Of these, Null authentication (described in the next subsection) is mandatory - it must be available in all implementations. System authentication is described in Appendix A. It is strongly recommended that implementors include System authentication in their implementations. Many applications use this style of authentication, and availability of this flavor in an implementation will enhance interoperability.