Queue-based security that uses mini-certificate-based mutual authentication, and message-level security that uses digital signatures, have given rise to the concept of an authenticatable entity. In the case of mutual authentication it is normal to think about authentication between two users, but messaging generally has no concept of users. The normal users of messaging services are applications, and it is the applications that handle the user concept.
MQe abstracts the target of authentication from a user to an authenticatable entity. This does not exclude the possibility of authenticatable entities being people, but that would be an application-selected mapping.
Internally, MQe defines all queue managers that can either originate or be the target of mini-certificate-dependent services as authenticatable entities. MQe also defines queues that are defined to use mini-certificate-based authenticators as authenticatable entities. So a queue manager that supports these services can have one authenticatable entity (the queue manager only), or a set of authenticatable entities (the queue manager and every queue that uses a certificate-based authenticator).
MQe provides configurable options that enable queue managers and queues to auto-register as authenticatable entities. The MQe private registry service, MQePrivateRegistry, provides services that enable an MQe application to auto-register authenticatable entities and manage the resulting credentials.
All application-registered authenticatable entities can be used as the initiator or recipient of message-level services protected using MQeMTrustAttribute.