The specifications of geospatial information services released by OGC provide a comprehensive framework for integration and sharing of distributed and heterogeneous geospatial information. Due to various security threats in distributed environment and prevalent copyright violations in practice, there is a strong demand to secure access to geospatial information provided in the form of services. The requirements for geospatial information services are fine-grained and spatially aware access control. In this paper, we propose a mechanism of using GeoXACML and SAML to realize access control for geospatial information services. The GeoXACML is responsible for declaration of geospatial authorization rules. The SAML is in charge of security assertions, secure transmission, and authentication in multiple security domains. Finally, we present the reference framework of the access control system and explain the specific procedure to control access to geospatial information services.