Many message-based computing systems include security scheme for messages sent from one process (e.g. a piece of running software) to another process. Typically, such security schemes include an authentication mechanism in which the sender's “identity” is verified (e.g., checking a username/password) and an authorization mechanism in which the “actions” (e.g., accessing a resource) the sender is authorized to perform are determined. An access control mechanism can then be used to determine whether the message can then be allowed to proceed to the target process.
However, conventional message-based systems typically support only one security mechanism with a single level of security. Consequently, when a message is sent in a path having multiple security schemes (e.g., when the path has one or more intermediaries that use a different security scheme from that of the original sender), the security process can become complex (e.g., requiring the original sender to know the security scheme of each intermediary so that the message will meet the security requirements).