I was going to ask your opinion on my earlier post but I see you had already replied there! Clearly you went ahead with using Event Store as an integration layer between services.
May I ask how you handle the security in Event Store? Does each producer or consumer service have its own login to Event Store, or do you use a single, global login?
In terms of the topic of the linked post, how do you handle the notion that certain services “own” certain event streams in Event Store (e.g. the Widget Service is the only actor that should generate events in the Widget streams)? Is it an honor system where services don’t misbehave and post events to streams that they have no business posting to, or do you enforce the separation in some other way?