In an enterprise system many physical identities (such as usernames, certificates etc.) can be used to represent a single logical identity through different parts of the enterprise. Identity propagation ensures that the logical identity is kept throughout the system by mapping between the various physical forms as necessary. For example, a message might enter the system using a certificate and a username token might be required for back-end processing of the message.
Identity mapping is used to convert from the certificate to the username token, and identity propagation ensures that the mapped identity is placed in the correct place for the outbound transport. The broker distinguishes between Session-based and Message-based security.
For more information see Identity mapping and Session-based and message-based connections and security.