This session will explore an advanced information access control system for mobile devices. It has four main entities. The service provider stores the information and has a Web service that allows users to download it. Because of the ease of deployment and the ability to configure a filter that works as a policy enforcement point, this entity is deployed in the WSO2 Application Server. The identity provider authenticates and authorizes system users by verifying certain requirements before giving access to the information. It also encrypts the information with the user public keys stored during the user registration process. This entity is deployed in the WSO2 Identity Server. WSO2 Identity Server provides a user-friendly way to define single sign-on in its web application, to implement the Smartcard functionality and to define the XACML access control policies. The two final entities are a Java card that contains the user keys and a mobile device through which the user displays the information.