Using --mempool argument when launching the baking software, bakers are able to fetch a mempool from a private server in addition to the mempool of any public Tezos node. By controlling which bakers can access the server (the baker's address is known), users can manage those who can bake their transactions. Thus, bakers must pass a KYC to enter the set of allowed bakers but we will not discuss this part in this document. Once bakers have been validated, the server must be able to authenticate them. The authentication mechanism needs to be determined.