A security service layer and method for controlling a communication between a client running an application and a target wherein a message including parameters specifying the communication is analyzed and, based on the analyzing result, at least one service routine is selected from a number of available service routines. The communication is then controlled on the basis of the selected service routines. The client and the application running at the client may be security unaware since all security relevant functions are executed on behalf of the application by the service security layer. Application dependent service routines are selected dynamically during the communication between the client and the target. A service routine may include security mechanisms or support mechanisms, such as data handling.