During the past decade, the telecommunication environment has evolved from single operator featuring voice services to multi-operator featuring a range of different types of services. Services are being provided today in a distributed manner in a connectionless environment requiring cooperation of several components and actors. This paper focuses on the incremental means to ensure access to services for authorized users only by composing authentication and authorization patterns and services. We propose a novel framework of authentication and authorization patterns for securing access to services for authorized users only, and we demonstrate how the patterns can be dynamically composed with services using a policy-driven approach.