1>Does the web service pass through the useru2019s credentials to authenticate against the backend SAP R/3 system? (I do not 
believe this is enabled in our PI environment today)

You mean to say Principal Propagation?

2> Can the web service itself be configured to require authentication just to be accessed? If so what type of credentials 
would be used? (i.e. authorized at the SAP PI engine)

SAP XI/ PI wont allow un-authorized access (unless you switch off the authorization for the entire protocol)....SAP PI will always ask for authorization...nothing else needs to be done for this.

Hi,

>>>1> Does the web service pass through the useru2019s credentials to authenticate against the backend SAP R/3 system? (I do not believe this is enabled in our PI environment today)

this is possible - it's called principal propagation and it works with RFC and SOAP

>>>>2> Can the web service itself be configured to require authentication just to be accessed? If so what type of credentials would be used? (i.e. authorized at the SAP PI engine)

by default you need to have a user on PI to access WS on PI

3> Could SAP-PI utilize SAP Single Sign-On? i.e. the SAP-PI web service is accessed using Active Directory credentials.. then the SAP-PI web service uses SAP Single Sign-on to authorize that user against SAP R/3 endpoint

check out principal propagation options

4> How many concurrent users do you believe could call the web service without causing serious degradation in performance for everyone using the platform?

depends on the hardware

depends if it's ayns or sync

depends if you can use local AAE or not

Regards,

Michal Krawczyk