Cross domain resource sharing and collaborations have become pervasive in today’s service oriented organizations. Existing approaches for the realization of cross domain access control are either focused on the model level only without concrete implementation mechanisms, or not general enough to provide a flexible framework for enterprise web applications. In this paper, we present xDAuth, a framework for the realization of cross domain access control and delegation with RESTful web service architecture. While focusing on real issues under the context of cross domain access scenarios such as no predefined trust relationship between a service provider domain and service requestor domain, xDAuth leverages existing web technologies to realize desired security requirements while supporting flexible and scalable security policies and privacy protection with low performance overhead. We have implemented xDAuth in a medical module in OpenERP, an open source ERP system. Our evaluation de...