With the mutual consent to use WSDL (Web Service Description Language) to describe web service interfaces and SOAP as the basic communication protocol, the cornerstone for web service-oriented architecture (WSOA) has been established. Considering the momentum observable by the growing number of specifications in the web service domain for the indispensable cross-cutting concern of identity management (IdM) it is still an open issue how a WSOA-aware IdM architecture is built and how it is linked with WSOA’s main elements, the web services providing functional core concerns. In this paper we present an access control model for WSOA and a blueprint of a WSOA-aware authorization verification service which is part of the IdM architecture. We show the integration of this service with WSOA consisting of both basic and composite web services. Our solution has been tested and evaluated in an implementation case study.