Administrators are advised to grant access to the services very carefully. The services are intended to be comprehensive, secure and general services that expose (almost) all functionality of midPoint. However, the implementation has not reached that stage yet. Some parts of the services will be further developed in the future. The current purpose of midPoint remote services is to allow access to a few trusted applications that implement the barriers the midPoint services do not provide yet. The services are not meant to be used by end users directly.
There are many ways in which the use of midPoint services may impact the availability of midPoint functions, creating a Denial of Service (DoS) situation. A user of the services may create messages that are too long, flood midPoint servers with many messages, depleting network resources, craft messages that overload the server hosting the midPoint application, or use similar mechanisms. Therefore it is recommended to prohibit access to midPoint services at the network level and make them available only to trusted entities.
Platform and Dependencies
We recommend not using experimental features in security-sensitive deployments. Experimental features have been subjected to only a very limited amount of testing, including security testing. The functionality may also change at any time in quite unexpected ways, the documentation is limited, and so on. Therefore you should either thoroughly test the experimental functionality yourself or not use it at all.