Back to Security Pattern Catalog

Policy Delegate

Classification Key : Core Security


The intricate details of discovery and invocation of security services should be abstracted and loosely coupled from client applications. Then clients and services can be easily replaced with alternate technologies. How can the security services be loosely coupled from application?


Use a mediator to co-ordinate requests between clients and security services. Use the delegate to locate and mediate back-end security services. Perform pertinent message translation to accommodate disparate message formats and protocols. Also perform error translations. Use a stateful or stateless delegate based on system requirements.

Known Uses

Policy delegate using a Service Locator to locate distributed security services, e.g. RMI.


Sun Book


Delegation, Policy


Last modified: May 05, 2012

Conceived and Maintained by: Munawar Hafiz