关键词: 委托授权，自动协商，策略，状态转换图

Abstract: The grid system authorizes in delegation model to adapt well to the distributed environment. But the dynamic change of the grid would break the global consistency of privileges in delegation model between different secure domains. To address the problem, this paper introduced an automated negotiation mechanism based on policies. In order to detect the problem timely and negotiate the privileges quickly and renew the global consistency of privileges between the corresponding secure domains,the mechanism defined a set of policy rules,which would conduct the negotiation process to automate, and presented a state transition diagram that the system should follows. Sequentially, driven by the trigger,the mechanism would implement automatically the negotiation state transition, and enforce the privileges negotiation and reauthorize between negotiation parties. The test result shows that, comparing with negotiation process conducted by people, the automated negotiation mechanism improves the efficiency of the solution to the problem and system performance, and simplifies security administration work of the administrators.

Key words: Delegation, Automated negotiation, Policy, State transition diagram