Title: Architectural Patterns for Enabling Application Security
Authors: Joseph W. Yoder, Jeffrey Barcalow
Email: yoder@cs.uiuc.edu, barcalow@xnet.com
Contact Info: Joseph W. Yoder, 7 Florida Drive, Urbana, IL 61801, (217) 344-4847
Abstract: Making an application secure is much harder than just adding a password-protected login screen. This paper contains a collection of patterns to be used when dealing with application security. Secure Access Layer provides an interface for applications to use the security of the systems on which they are built. Single Access Point limits entry into the application through one single point. Check Point gives the developer a way to handle an unknown or changing security policy. Groups of users have different Roles that define what they can and cannot do. The global information about the user is distributed throughout the application with a Session. Finally, users are presented with either a Limited View of legal options or are given a Full View With Errors. These seven patterns work together to provide a security framework for building applications.
Subject Area: Application Security
Keywords: Application Security