A classification of security patterns for the transactions between a requester, an intermediary, and a web-service.