Two roles are already defined (SecurityAdmin and ConfigureAdmin). Need to make sure the roles are referred to not "callable by authorized administrators".

There is also inconsistency for requirement of encryption / signing

4.4.1 RoleType definition
Table 4 – RoleType definition
The Properties and Methods of the RoleType contain sensitive security related information and shall only be browseable, readable, writeable and callable by authorized administrators through an encrypted channel.

4.4.5 AddIdentity Method
The Client shall use an encrypted channel and shall provide user credentials with administrator rights when invoking this Method on the Server.

All other Methods do not have this additional requirement for encryption (which is already required by the statement below the table)
We should either remove the statement from the Method or add it to all.

4.2.1 RoleSetType definition
There is currently no requirement for signing / encryption
We must at least require signing.

Replaced related text in all Methods with the following text (taken from AddIdentity + SecurityAdmin reference):

The Client shall use an encrypted channel and shall provide user credentials with administrator rights like SecurityAdmin Role when invoking this Method on the Server.

Only ChangePassword has different text.

We do not need additional standard roles. The SecurityAdmin should cover this part since it is security administration for the server.
SecurityAdmin:
The Role is allowed to change security related settings.

Products can always add more roles if they want to make a difference.

Agreed to changes edited in virtual F2F.