Attempting to access this link will issue a challenge for your user-agent (browser) to provide HTTP Basic credentials. Once authenticated, all the authorization options available in Friend are available to restrict the permissions of particular users.
Please note that Chrome (and maybe other browsers) silently save HTTP Basic credentials for the duration of the session (and resend them automatically!), so logging out won't work as expected.
You can access resources requiring HTTP Basic authentication trivially in any HTTP client (like `curl`) with a URL such as:
You can combine this with Friend's "channel security" middleware to enforce the use of SSL, making this a good recipe for controlling access to web service APIs. Head over to HTTPS Basic for a demo.