diff --git a/Makefile.files b/Makefile.files
index 7df90445f2..df9529b601 100644
--- a/Makefile.files
+++ b/Makefile.files
@@ -78,6 +78,7 @@ WIKI = \
Compiling \
DbaManual \
DbaManualBasics \
+ DbaManualAuthentication \
DefineAction \
ExamplesSetup \
FirstStepsArangoDB \
diff --git a/Makefile.in b/Makefile.in
index 4b5a71d730..99dfb7d33e 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -1209,6 +1209,7 @@ WIKI = \
Compiling \
DbaManual \
DbaManualBasics \
+ DbaManualAuthentication \
DefineAction \
ExamplesSetup \
FirstStepsArangoDB \
diff --git a/arangod/Documentation/command-line-options.dox b/arangod/Documentation/command-line-options.dox
index f465b5f25f..88887f235a 100644
--- a/arangod/Documentation/command-line-options.dox
+++ b/arangod/Documentation/command-line-options.dox
@@ -47,6 +47,7 @@
///
/// - @ref CommandLineArangoHttpPort "server.http-port"
/// - @ref CommandLineArangoAdminPort "server.admin-port"
+/// - @ref CommandLineArangoHttpAuth "server.http-auth"
/// - @ref CommandLineArangoDisableAdminInterface "server.disable-admin-interface"
/// - @ref CommandLineArangoDirectory "database.directory"
/// - @ref CommandLineArangoMaximalJournalSize "database.maximal-journal-size"
@@ -164,6 +165,9 @@
/// @anchor CommandLineArangoAdminPort
/// @copydetails triagens::arango::ArangoServer::_adminPort
///
+/// @anchor CommandLineArangoHttpAuth
+/// @copydetails triagens::arango::ArangoServer::_httpAuth
+///
/// @anchor CommandLineArangoDisableAdminInterface
/// @CMDOPT{--disable-admin-interface}
///
diff --git a/arangod/Documentation/dba-manual.dox b/arangod/Documentation/dba-manual.dox
index 6bb9551b11..db66329429 100644
--- a/arangod/Documentation/dba-manual.dox
+++ b/arangod/Documentation/dba-manual.dox
@@ -46,6 +46,7 @@
/// @copydetails ShellCollectionTOC
/// @copydetails ShellIndexTOC
/// @copydetails IndexesTOC
+/// @copydetails DbaManualAuthenticationTOC
/// @endif
////////////////////////////////////////////////////////////////////////////////
@@ -95,6 +96,59 @@
/// @copydetails JS_PropertiesVocbaseCol
////////////////////////////////////////////////////////////////////////////////
+////////////////////////////////////////////////////////////////////////////////
+/// @page DbaManualAuthenticationTOC
+///
+///
+/// - @ref DbaManualAuthentication
+///
+/// - @ref DbaManualAuthenticationCommandLine
+///
+///
+///
+////////////////////////////////////////////////////////////////////////////////
+
+////////////////////////////////////////////////////////////////////////////////
+/// @page DbaManualAuthentication Authentication and Authorisation
+///
+/// @EMBEDTOC{DbaManualAuthenticationTOC}
+///
+/// ArangoDB only provides a very simple authentication interface and
+/// no authorisation. We plan to add authorisation features in later
+/// releases, which will allow the administrator to restrict access to
+/// collections and queries to certain users, given them either read
+/// or write access.
+///
+/// Currently, you can only secure the access to the HTTP client and
+/// admin port in a all-or-nothing fashion.
+/// The collection @LIT{_users} contains all user and the SHA256 of
+/// their passwords. A user can be active or inactive. A typical document
+/// of this collection is
+///
+/// @verbinclude user-document
+///
+/// If the server is started using the option
+///
+/// @LIT{--server.http-auth yes}
+///
+/// then access via HTTP requires a user name and password using "basic
+/// authentication". The user must exists in the @LIT{_users}
+/// collection and must be active.
+///
+/// In order to generate an entry, you can use the supplied shell script
+///
+/// @LIT{/usr/sbin/arango-password \ [\]}
+///
+/// Note that you must stop the @LIT{arangod} server before executing this
+/// script.
+///
+/// @section DbaManualAuthenticationCommandLine Command-Line Options for the Authentication and Authorisation
+/////////////////////////////////////////////////////////////////////////////////////////////////////////////
+///
+/// @anchor CommandLineArangoHttpAuth
+/// @copydetails triagens::arango::ArangoServer::_httpAuth
+////////////////////////////////////////////////////////////////////////////////
+
// Local Variables:
// mode: c++
// mode: outline-minor
diff --git a/arangod/RestServer/ArangoServer.h b/arangod/RestServer/ArangoServer.h
index 3ca07535e8..ebb5e623d4 100644
--- a/arangod/RestServer/ArangoServer.h
+++ b/arangod/RestServer/ArangoServer.h
@@ -304,8 +304,8 @@ namespace triagens {
///
/// @CMDOPT{--server.http-auth @CA{flag}}
///
-/// If @CA{flag} is @LIT{yes}, then the HTTP access is secures with a basic
-/// authentication. The user and sha256 of the password are storted in a
+/// If @CA{flag} is @LIT{yes}, then the HTTP access is secured with "HTTP Basic
+/// Authentication". The user and sha256 of the password are stored in a
/// collection @LIT{_users}.
////////////////////////////////////////////////////////////////////////////////
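Review bot: The reworded `--server.http-auth` text on the two added lines says HTTP access is "secured", but it leaves out that HTTP Basic Authentication sends the user name and password only base64-encoded, not encrypted, with every request. An operator reading this option text could enable the flag on a plain HTTP port and assume the credentials are protected in transit. I would add a line such as `/// Basic Authentication does not encrypt credentials; enable it only over an encrypted or otherwise trusted connection.` The comment also says `_users` stores the SHA256 of the password; whether that hash is salted is not visible here, and if it is not, the text should say so, because a plain digest is cheap to test guesses against if the collection is ever read. The doc comment starts above the hunk and the member it documents lies below it, so this covers only the visible wording.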
diff --git a/lib/HttpServer/HttpHandlerFactory.cpp b/lib/HttpServer/HttpHandlerFactory.cpp
index 2a6b035922..df56fe8e38 100644
--- a/lib/HttpServer/HttpHandlerFactory.cpp
+++ b/lib/HttpServer/HttpHandlerFactory.cpp
@@ -48,7 +48,7 @@ namespace triagens {
// constructors and destructors
// -----------------------------------------------------------------------------
- HttpHandlerFactory::HttpHandlerFactory (string const& authenticationRealm,
+ HttpHandlerFactory::HttpHandlerFactory (std::string const& authenticationRealm,
auth_fptr checkAuthentication)
: _numberActiveHandlers(0),
_authenticationRealm(authenticationRealm),