Abstract: To keep free from weak capability of expression of the usage control model based on condition predication decision(UCON_C), realize reasonable task assigning between decision component and execution component, and improve concurrent enforcement of independent authorization processes in the service grid, a delegation certification model is proposed to express the decision result in a fine-grained manner, and the UCON_C is improved. Delegation certification processing statuses are defined to replace the simple access status. The decision component can make the reasonable delegation certification based on the system status when a request arrives, and also make a decision to change the delegation certification processing status when the system status is changed. This method effectively avoids the fact that the same access requests generate the delegation certification repeatedly, and the delegation certification really reflects actual demands of authorization. In an e-Learning Grid, the improved decision model expresses the authorization policy in a fine-grained manner, and exports reasonable decision results. Various access requests satisfies security requirements of application through the suitable decision and control.

Key words: service grid, authorization decision, delegation certification, UCON_C