As many software systems migrate their component communication to the web service paradigm, security becomes an immediate concern. Many existing solutions cannot handle complex situations involving the user, session, application, and any number of XML inter-related documents. The learner information management web service we develop for an e-learning environment has to control access of inter-related XML documents representing different roles of users in the e-learning environment. In this paper, we present an authentication and authorization model for web services that provides access control of inter-related XML documents. This scheme works especially well when the documents that will be operated on are organized in hierarchical structures, like the collections in a native XML database.