The authorization decision on resources is the major problem in collaborative information systems. Firstly, the term “action” was defined based on roles, temporal states and environmental states, and the action-based access control (ABAC) model was presented. Then, the access control mechanism based on ABAC for collaborative information sys-tems was introduced. The security association was defined and its producing procedure was proposed, which contains security properties such as user request, user identity, password, role, temporal state, environmental state and lifetime. Finally, to exchange the security properties among user, action server and resources management server, a secure authen-tication protocol was proposed, and its security was proven under the universally composable model.