Internet-focused application components of cooperating enterprises need comprehensive security technologies that go far beyond simple Internet authentication and authorization mechanisms. Basically, authentication is the process of determining the identity of a user or system, whereas authorization is the process of specifying who is allowed to access which resources. XML-based Web services is an upcoming and very promising technology. It enables the communication among Internet application components regardless of their implementation language. A major drawback of existing Web service approaches is the missing security conventions. Therefore, we concentrated all our effort on developing a holistic extended enterprise authentication and authorization system to facilitate agile and secure enterprise-spanning business processes with Web service-enabled application components.