A virtual security server enabling a set of applications to access a plurality of security services. In response to a service request from a software application, the virtual security server receive service determines which of the security servers is able to provide the requested service. The virtual security server sends to a selected security server data enabling the selected security server to provide the security service corresponding to the service request. Accordingly, communication between the applications and the security servers is simplified because the application are not required to manage negotiation protocols associated with the security servers and choose the security server(s) appropriate for the required service.