The present document specifies mechanisms at the stage 2 level defined by ETS 300 387 [i.2] for secure and privacy-preserving communication in ITS environments. It describes facilities for credential and identity management@ privacy and anonymity@ integrity protection@ authentication and authorization. The mechanisms are specified as stage 2 security services according to the 3 stage method described in ETS 300 387 [i.2]@ and identify the functional entities and the information flow between them. The stage 2 security services will be refined into a number of security protocols as part of the stage 3 specifications. There may be several security protocols able to fulfil the requirements of a security services. The present document describes the stage 2 security architecture of the ETSI Intelligent Transport System (ITS). The stage 2 security architecture and security services shall be used as the basis for further developing the ITS security architecture by mapping the security services and its functional components to the ITS architecture [i.7]. This mapping is part of stage 3 specifications.