For the fact that traditional Access Control models are mostly static, coarsely grained, and not well suited for solving the application in the security of web services. This paper extends access control models by introducing actions based on attribute-based access control. The model avoids the complex structure of multi-attribute and solves the problem that relevant dynamic authorization and permission changes. This paper structures the model by using SAML and XACML. The implementation of this model is given through examples.