The research communitiy has shown considerable interest in studying access control in single Trusted Operating Systems (TOS). However, interactions among multiple TOSs have attracted relatively little attention. In this paper, we propose a Collaborative Role-Based Access Control (C-RBAC) model for distributed systems in which accesses across system domain boundaries are allowed. Access entities in a TOS vary in time. The changes in the organizational structure of the access entities in one system may influence other cooperating systems. In addition, policy-freeness, domain and rule conflicts are possible. These problems restrict the flexibility and scalability of coordination. We propose drafting a meta-component to play the role of a coordinator in multi-domain role-based access control. It is then possible to impart flexibility and scalability in a secure fashion. Experimental studies of the proposed model with the Network File System and SELinux system support our conclusion.