Each service group can have a key store. This key store is a container in LDAP in which the private keys of the service group itself can be stored. Private keys can be used for signing and encryption of (parts of) XML data, like SOAP messages. Someone with the public key can verify that nobody changed the data in transport.

When starting a service group for the first time, the Process Platform Monitor creates a key store for the service group and generates a private-public key pair. The Monitor also creates a certificate for the public key and signs it.