Context is a key factor in making make access control decision in modern information system. But a formal context model is needed to guide research of implementation of Context-sensitive Access Control (CSAC) model. This paper formally defines a Context-sensitive Access Control, which consists of extendible context model, authorization policy model, request model, authorization algorithm, revoke algorithm, access control decision algorithm, and so on. Then the paper introduces some related algorithms and CSAC implementation. Finally, the paper introduces an access control service for enterprise applications which centralizes all access control functions into one service.