Currently we authenticate with username/password using GET/POST and we try to encrypt password. Or we have an implementation for CAS in JSS, some requests for other authentication types.
I think today we should have OAuth2 like authentication. This is the reality in the market, users authenticate with google account (which we do in tibco) , they have 2 factor authentication, face authentication, digit authentication.
We should be proactive and rethink our authentication for JRS/JSS/JRIO