Hi everybody,

I'm wondering if anybody knows any good sources for information on
integrating security into an application's architecture. I'm in a position
where I can't rely on a platforms security mechanisms (NT authentification,
SSL, encryption APIs, etc ...) so I have to create my own tools.

So far I've designed and built quite a few things, from custom a
challenge/response framework, a public key infrastructure, and a digital
signature system.

What I'm looking for is some sort of architectural pattern language for
security, or a some kind of publication on the subject. I need to validate
my design and information on designing security systems is rather scarce.

Marc D'Aoust
OSTnet OpenSource Technologies Inc