Security and standards compliance
The OpenURL Router does not include access control. All requests will be redirected to the appropriate local resolver. This does not affect security, since the OpenURL Router does not enable any HTTP requests that could not have been made anyway. Of course, local resolvers are free to add access control if desired.
The OpenURL Router does not affect the information encoded in OpenURL links (in OpenURL parlance, the base URL is manipulated, but the query remains unchanged). The end result will be just as if the original OpenURL link had been addressed directly to a local resolver.
This means that the OpenURL Router is not dependent on any particular version of the OpenURL standard. There is no intention to enforce compliance with the standard.