In a dynamic and distributed environment, it is often difficult for a complex business process to follow a static business specification. The applications and services involved in a complex business process are typically heterogeneous, provided by different organizations. Since each organization has its own security mechanisms and policies to protect its local resources, the business process has to operate among multiple, heterogeneous security realms. For these applications, security procedures are often omitted in the interest of performance. Collaborating services in a system with a Service Oriented Architecture (SOA) may belong to different security realms but often need to be engaged dynamically at runtime.