Using the theory of unified authentication and RBAC model and combining with the Web service technology, presents a unified identity authentication and authorization service interface specification, and gives it on trial in the enterprise application system. It shows that the authorization method and interface specification achieve a login, unified authentication and unified rights management between each application system, but the single sign-on and audit functions need to be further improved.