计算网格安全政策实施模型的框架和分析

根据计算网格特点及其一般安全需求，从政策的制定和实施角度出发，提出了一个完整可行的安全政策实施模型SPIM．在对计算网格中各类实体间新信任关系进行分析的基础上，选择并确立了模型中的功能实体，将VO的全局安全管理和传统管理域的安全管理分开考虑，引入了GSPEC和LSPEC两类重要的安全管理实体；定义了安全交互过程，使GSPEC和LSPEC可以独立地对用户身份进行鉴别，动态地对用户进行授权；规定了交互过程中所使用的凭证．从而保证在SPIM中，VO的全局安全政策和资源所在管理域的局部安全政策可以相互独立地制定、修改和执行，并在执行时保证各级政策能得到一致的实施．

Security policy implementation model in computational grid

The necessity of building a security policy implementation model in the computational grid is analyzed. Considering the formulation and implementation of security policies, an intact and feasible security policy implementation model (SPIM) is proposed. Based on the analysis of the trust relationship among all kinds of entities in grid, functional entities in the model are chosen and established. The overall security management of VO (virtual ognization) and security management of traditional administrative domain are considered separately, and two kinds of important security management entities, GSPEC (global security policy execution center) and LSPEC (local security policy execution center) are indtroduced. The mutual course is defined, which makes GSPEC and LSPEC enable to independently authenticate and dynamically authorize the user. Warrants used in the mutual course are also stipulated. Under this model, the formulation, modification and implementation of the global security policies of VO and local security policies of the administrative domains can be done independently. And consistent implementation of policies at all levels can be guaranteed.