In the context of Web services, access control presents some interesting challenges, especially when services are exposed to a global audience, with users accessing them from different systems and under different security settings. A decentralized approach to access control, which can be applied to such open environments, is represented by Trust Management. In fact, it is based on the peer-to-peer delegation of access rights among users, also across organizational boundaries, without supposing a-priori the existence of trusted third parties in the system. This article presents dDelega, a Trust Management framework for SOAP-style and REST-style Web services, available as open source software and usable in different application scenarios. The framework allows users to create multiple levels of delegation of access rights for protected resources. It defines various certificates, for binding names, permissions and oblivious attributes to users, adhering to relevant standards, such as WS-Security, SAML and XACML.