Abstract: A system is disclosed to provide service authorization. The system provides authorized access to services using various identity tokens that represent authorized users, services, servers or other devices, as well as specific instances of users authorized for a service and specific instances of users authorized for a service on a particular server or other device.