• Windchill ESI uses the out-of-the-box security capabilities provided by TIBCO EMS.

• Each JMS queue is secured. Specifying which users are allowed to access the queue and what functions they are allowed to perform on the queue are performed at installation and configuration time.

• Two client user accounts are configured in the EMS server: a user from Windchill and a user from TIBCO BusinessWorks.Windchill ESI does not use dynamic (message level) authentication to the JMS queues.

• The EMS shared configuration in TIBCO BusinessWorks, which describes the EMS connection and is used to authenticate to the EMS server, is set at implementation time and is not obfuscated.