Middleware influenced the research community in developing a number of systems for controlling access to distributed resources. Nowadays a new paradigm for the lightweight integration of business resources from different partners is starting to take hold – Web Services and Business Processes for Web Services. Security and access control policies for Web Services protocols and distributed systems are well studied and almost standardized, but there is not yet a comprehensive proposal for an access control architecture for business processes. So, it is worth looking at the available approaches to distributed authorization as a starting point for a better understanding of what they already have and what they still need to address the security challenges for business processes
