Negotiation-Based Cross-Domain Access Control
In dynamic Grid virtual organizations, the domains involved must agree upon cross-domain access control policies for their shared resources. Currently, almost all access control mechanisms in Grid security cannot support collaborative privilege management. In this paper, we propose a negotiation-based cross-domain access control mechanism, which can be divided into two stages: a multi-domain negotiation stage, which settles the assignment of permissions to domains, and a bidomain negotiation stage, in which two domains make concrete cross-domain access control policies based on user attributes. Negotiation models and processes are presented, along with examples that illustrate their application.