From security protocols to systems security. Commentary. Authors' reply

When applying information security, we need to go beyond the analysis of individual security protocols and consider how they are used within distributed systems, software applications and services. Important as they are, security protocols only form a part of the overall security engineering design for a particular distributed system. The effective use of any security protocol will typically depend upon certain structural data such as key information being available for use by some - and at the same time made unavailable to others. Systems need to be designed with requirements like these in mind ([1,2]).