In a distributed environment, a specific right may be required while a task is controlled and processed. A user should delegate enough rights to a task for processing. Tasks cannot work correctly if delegated rights are insufficient, or security threats may occur if delegated rights are excessive. Restricted delegation is the step that delegates proper rights to a task, and that enables fine-grained authorization in the Grid. In this paper, we propose the WAS architecture as a method for supporting restricted delegation and rights management. In contrast to traditional architecture, the WAS architecture uses a workflow that describes the sequence of rights required for normal execution of a task. By using the workflow, the WAS architecture is able to check whether the task exercises allowed rights. The WAS architecture is implemented on Globus toolkit 2.0 and extended on Globus toolkit 3.0.