Security requirements such as authentication, authorization, and security session should be considered during development of Web service systems. Developing security code for Web services can be problematic since there may be several developers writing similar code separately. This makes security code tangled and scattered, reducing maintainability and modularity of the system. This research proposes the integrated security patterns based on a number of authentication, authorization and security session patterns from the literature, and apply them in the design of the service side of the system. In addition, Aspect-Oriented Programming (AOP) is applied to the client side. The research presents an experiment to study the impact of the integrated security patterns and AOP on modularity of the system. We measure modularity of a Web services system of a telecommunication company in Thailand before and after applying the patterns and AOP. The results show that both techniques can together improve modularity on service and client sides.
