Abstract: The access control mechanism in open systems can not only respond to the access requirement of a large amount of users whose identities are not recognizable in advance, but also reflect context information in user's access requirements. We propose a trustworthiness and contextbased access control model (TC-RBAC) and give a method of evaluating the trustworthiness of users. By means of trustworthiness, the applicable roles are assigned to the users whose identities are not recognizable in advance. Besides, context constraint contributes to the decisions of authorization according to context information in user's access requirements. These satisfy the design demands of the access control mechanism in open systems. t