Abstract: A new access control model based on security assertion markup language(SAML) is added to campus grid system. Workflow of access control and the authorization service are discussed. The attribute-based access control policy and the security assertion mapping solution are also adopted in this system. It integrates with the portal, which is in charge of the interface between resource consumers and resource providers. It shows more flexibility and reliability.

Key words: Security assertion markup language(SAML), Assertion, Attribute-based access control(ABAC), Policy, Deployment

摘要： 引进了安全断言标记语言技术，采用基于属性的访问控制策略和安全断言映射方法，讨论了访问控制的流程及相关的授权、认证服务，为校园网格引入了一种访问控制模型，该模型和网格中资源提供者与消费者之间的界面——Portal充分集成，提高了访问的灵活性和可靠性。

关键词: 安全断言标记语言技术, 断言, 基于属性的访问控制, 策略, 部署