Security within information systems context is based on a complicated trust relations and questions on communication prospective. Trust relations are
established between two communicating parties in a relation such as sender/receiver and client/server. When such relations cannot establish trust directly, trusted third parties are used as mediators, which can complicate
matters even farther. Security is taken differently by different persons with different prospective of the communicating systems. To a user, security might mean
protection on privacy, identity theft and against framing.To an administrator, responsible for the correct working of the applications, security might mean protection on data and process integrity, information flow and recourses protection. The (user, application) pair leads to the necessary establishment of four trust relations among them; application-application, user-application,
application-user and user-user. In practice these trust relations are made mutual by, 'I trust you if you trust me'principle. For example, an application trusts a user if the user provides a valid credential at sign-on, the user in turn trusts the application to protect its data and process such that, his/her identity has not being compromised.
Whose fault is it when an identity is caught doing an illegal act? Is it a dishonest user, who is the owner of the identity, or an application with weak security policies and implementation, which allow identities theft to occur? It
might well be the fault of a weak communication link protocol which leak users' identity under the establishment of trust relations mention above. In this paper we propose some security tools based on open-source software for Web applications/services for teams of developers and implementers of limited size.
Web applications/services have been developed and deployed due to necessity and not based on commercial goals.
Members of development teams (developers and engineers), normally have different levels of technical knowledge, experience and know-how. Usually, such a project concentrates on workability of a system in a complex environment rather than producing commercial grade software for an assumed environment. To meet the
workability goal, security concerns are not taken into consideration due to lack of experience and/or work knowledge. We believe that by using simple and openended
software tools, developers, and implementers can achieve both workability and a higher level of security due to the fact that a system being developed is under a
full control of the developers. The paper is organized as follows. Related work is
presented in Section 2. Trust relations are discussed in Section 3. In Section 4 we proposed the use of signed massage of digital envelope package to be used in XMLRPC communication that ensures security, privacy and non-repudiation. A method of using password card called PASS-card for Web sign-on that does not disclose users' system credentials is presented in Section 5. The paper ends with a conclusion.