In Web services, a framework for the separation of authentication (IdP) and services (SP) has been proposed and actually deployed. In this framework, quality of information provided by IdPs and SPs must be evaluated to assure the security of services. In this paper, we propose a security model in which IdPs and SPs obtain grades according to their assurance of services, and exchange information when the grade of counterparts matches their requirement. Our model gives grades to both IdPs and SPs, while in the conventional model, IdPs are the targets of grades. We also give criteria for evaluation of grades of IdPs and SPs. Grades of IdPs are given based on conventional CP/CPS and the NIST standard. Grades of SPs are given based on the risk assessment of information security used in ISMS etc., and on a general security criteria for system administrations/operations. Moreover, we propose security trust engineering as the generalization of security analysis based on grades. A matching mech...