<p>We
introduce a distributed, fine-granuled, policy-based resource access control
protocol leveraging on Attribute-Based Encryption. The protocol secures the
whole access control procedure from the authorization issuer to the resource
server providing grant confidentiality, proof of possession, antiforgery and
may be implemented through a common web token exchange flow plus a HTTP basic
authentication. As such, it may easily map to Cloud computing SaaS paradigms,
enabling services integration into a single authorization-centric ecosystem
even across multiple identity domains. We also present the results of a
performance evaluation on a first prototype implementation.</p>