With the progress of enterprise globalization and the development of combination and differentiation in enterprise business, organizations become more dynamic, and business processes are frequently changing. As a result, workflow access control turns more complicated. To solve this problem, in view of decoupling the workflow access control model from the process model, a service-oriented workflow access control (SOWAC) model is presented. In the SOWAC model, service is the abstraction of a task and the unit for applying access control. Therefore, access control of tasks is replaced with access control on services. The elements of the SOWAC model are described and the enforcement of SOWAC is illustrated by an example workflow. Then the dynamic separation of duty for the SOWAC model is proposed based on the authorization history of services. By applying the SOWAC model in a real workflow system, it shows that the SOWAC model is practical and effectual.