It is strongly recommended that you use Kerberos user and service principals to authenticate users, agent pools, and agent services to one another on or across a secure platform or distributed platform.
Platform security can be turned on or off. If you choose to run on or across a platform that has security turned off, anyone can deregister or modify another person's agent descriptions. Anyone can change the capabilities or state of any agent. Anyone can remove or answer any requests, even if they are not their own. Agents can potentially take destructive actions when being used incorrectly or by the wrong user. To ensure that agents are used the way they were intended, security features have been added to the infrastructure of the platform.
When security is turned on, agents and services will be able to authenticate and authorize every action that is taken on or across the platform. An agent can only deregister or alter its own agent description, an agent must authorize all answered requests and capability changes, and a certain authority level will be required to alter the state of an agent. The use of an agent can be limited to certain users and locations. When security is turned on, every action that occurs can be traced back to a known user so platform authentication and authorization can occur.
If you choose to secure your agent platform, you can turn security on by changing the Security property to Security=on in the able.preferences file that defines your platform.