Dynamic run-time selection and sourcing of service components provide considerable potential in todays changing business world. They provide means to counter agility, flexibility and the ability to integrate applications originating from systems of different security domains. While the advantages are obvious strong implications to security in general and authorizatin and access control in particular do exist. In this paper we present an infrastructure-based approach for en-route dynamic credential enrichment. It enables dynamic replacement of access-restricted service instances by implementing runtime supplementation of security tokens. If authorized, a security intermediary accesses user profiles and retrieves security tokens supplied by identity providers and needed for access control at dynamically selected accessrestricted service instances.