Abstract: This paper analyses the characteristics of access control in grid environments and presents a PKI-based distributed RBAC model (G-RBAC). The model supports authorization across trust domains in grid access control, and it uses authorization certificates with variable attribute values so that the system can dynamically grant different permissions according to the user's logon environment. The paper gives the formal description of G-RBAC, its classification of roles, and its access validation algorithm. Finally, an example illustrates the access control process in detail.
Key words:
RBAC; Access control; Grid; PKI; Authorization; Context-aware
XU Song, ZHAO Xibin, GU Ming. A Framework of Distributed Role-based Access Control in Grid Environments[J]. Computer Engineering, 2006, 32(6): 163-166.