This paper proposes a hybrid model of an authentication technique and a role based access control (RBAC) based on X.509 public key certificate and attribute certificate. With attribute certificate the user role is bound to an identity of the public key certificate in which the permissions are assigned to the holder. A mapping model of RBAC authorization and authentication is presented. In addition, we also deal with the issue of system service disruption and recovery as well as an activity-based policy. With our proposed model, the full authentication, authorization, and accountability (AAA) are supported. We apply the multi agent system concept to facilitate the authentication and the authorization based on the PKI infrastructure. Finally, the project called AmTRUE (authentication management and trusted role-based authorization in multi-application and multi-user environment) has been developed to implement our research idea.