Single　Sign-On　is　one　of　the　more　popular　enterprise　business　integrated　solution　currently.　For　the　complex　self-domains　across　different　application　requirements,　the　article　researches　the　traditional　single-point　sign-on　system,　and　presents　a　combined　access　control　model.　The　main　form　of　the　model　is　implemented　on　Web-service.　It　extends　RBAC　access　control　model,　proposes　R-R　role　mapping　concept　and　makes　use　of　extensible　policy　language　SAML　and　XCAML.　At　last　implement　of　the　application　the　model　is　verified　on　the　existing　system　and　we　propose　the　problems　to　solve　next　step.　©　2010　IEEE.