摘要： 针对网格访问控制的多域性和动态性，指出了传统访问控制策略在实际应用中的不足，对现有RBAC模型进行功能上的扩展，建立了基于环境-角色的网格访问控制模型G_ERBAC。该模型引入环境实体以及域管理的概念，根据域间动态角色映射规则实现用户-角色分配，通过基于环境的动态安全引擎机制调整角色-权限，实现了用户-动态角色-动态权限的相关，从而能更好地适用于网格环境。

关键词: 网格, 基于角色的访问控制, 基于环境-角色的网格访问控制

Abstract: Aiming at the multi-domain and dynamic characteristics of the access control in gird, the shortage of traditional access control strategy is demonstrated. The RBAC model is functionally branched out and the G_ERBAC model is presented. In G_ERBAC model, the environment entity and the concept of domain management are introduced. With its user-role assignments performed according to dynamic role reflection rules between domains, and role-permission adjusted by environment-based dynamic security engineering machine, the G_ERBAC model provides user-active role-active permission associated dynamically, and it is more suitable for grid.

Key words: grid, Role-based Access Control (RBAC), G_ERBAC

中图分类号: 

• TP311