Systems, methods, and apparatus for identity access management for web services are disclosed. The method includes: creating on a user device, a session's access token and an identity token to be sent along with a request for accessing web services, wherein: the accessing of web services includes at least one of: retrieving and pushing information from an instance storage which is client specific and protected from unauthorized access by another instance storage; the session's access token indicates a location where the session's access token was created, an expiration time, and a hash identity for verifying a validity of the session's access token; the identity token identifies a user who sends the request; and authenticating the user on the user device according to the session's access token and the identity token to authorize the accessing of web services in a session.