Distributed systems such as SOA are typically heterogeneous systems that are opened to a wide variety of partners, customers,clients and resources, which introduce a new security threats. The organizations must protect their information assets from attacks. Their information assets would be accessed typically through services, which come in different technologies. Therefore in order to obtain security in the access control,suitable approaches must be designed. Since the most important way in implementing SOA is the use of web services, in this article we proposed an architecture for web services in access control to protected services and to adopt some policies on the applications based on ABAC model and SAML standard and XACML languages. The possible activity in the architecture and the implementation stages are explained using use case diagram and sequence diagram in UML.