Abstract: Resolving grid access control is more raring, while grid application is emerging quickly. Grid access control elements are formalized. Notion of role and role-delegation in Grid is defined. This paper analyzes the characteristics of grid access control, authorization elements, authorization module and authorization policy. It puts forward a paradigm of grid computing role-based access control which adoptes proxy certification and attribute certification.

Key words: Grid, Virtual organization(VO), Delegation, Authorization, Credential

摘要： 随着网格应用的不断建立，解决网格访问控制问题愈发急迫。该文形式化描述了网格访问控制元素，定义了网格用户角色和角色委托概念，分析了网格计算访问控制特性、授权要素、授权模式、授权策略，结合使用代理证书和属性证书提出了一个基于角色的网格计算访问控制实现方案。

关键词: 网格, 虚拟组织, 委托, 授权, 信任状