Web services provide a standard architecture for heterogeneous systems to share and exchange information over the Internet (Iyer, Freedman, Gaynor, & Wyner, 2003). In this context, Web services are based on the building-block approach of using prior Internet protocols and standards as components of Web services. The building blocks include HTTP, adopted as the transport protocol, and XML, used as the format of the messages that are transferred between cooperating applications (Lim & Wen, 2003). For e-businesses to fully realize the benefits of Web services, security issues need to be addressed. Security has become a major concern for all enterprises exposing sensitive data and business processes as Web services (Bhatti, Bertino, Ghafoor, & Joshi, 2004). In this regard, this research proposes an integrated security approach for Web services architecture. The proposed approach, which is an addendum to the Web services security specifications, is built on XML-role-based access control (RBAC) for Web services business processes. Basically, it supports protocol-independent declarative security policies that can be enforced by Web service providers, and descriptive security policies that clients can use to access the services in a secure manner.