In Web service environment, the interacting entities usually cannot be predetermined and may be in different security domains. To address the access authorization for unknown users across domain borders, access control of Web service should be implemented based on domain-independent access control information but not the identities. A context-based access control policy model which can be appropriate for Web service environment was proposed. The main idea of the model was that, various access control information was abstracted and represented as a concept of context which was adopted as the center to define and perform access control policies. The context concept here acted as an intermediary between requesters and the access permissions, which was similar to the role of Role-Based Access Control (RBAC) in a way. Context-based access control policy axioms were defined based on Description Logic (DL), on the basis of these axioms, the access control policy knowledge base with the capacity of reasoning about the access control policies was put forward. Finally, the effect of access control policy enforcement was verified in Racer reasoning system, and the experiment result proved the feasibility and validity of the presented method.