摘要： 网格安全基础设施解决了身份鉴别、保密性和完整性问题，但难以有效解决访问控制问题，传统的访问控制模型也不能很好地满足网格的安全需求。该文提出一种基于任务和角色的计算网格访问控制模型。该模型通过定义授权步及系统条件约束，能动态地控制主体访问资源的权限，具有较好的通用性、灵活性和可扩展性，并已在计算网格实验平台中得到了实现。

关键词: 计算网格, 访问控制, 授权步

Abstract: Grid Security Infrastructure(GSI) is emerged for identify authentication, data confidentiality and integrity, but can not solve problems about access control well. Traditional model of access control can not satify security requirements of grid either. This paper describes a task-role based access control model for computing grid. The model defines authorization steps and system conditions, and the permissions can be dynamically controlled. The model is implemented in computing grid experimental platform, and is proved to be universal, flexible and extendable.

Key words: computing grid, access control, authorization step

中图分类号: 

• TP309