This paper presents a security architecture for large-scale distributed computing environments, known as computational grids. The authors, Ian Foster and colleagues, address the unique security challenges posed by these environments, which involve dynamic resource allocation, complex communication structures, and the need for single sign-on across multiple administrative domains. They propose a security policy that supports authentication, access control, and interoperability with local security policies. The architecture includes user proxies, resource proxies, and protocols for authentication, resource allocation, and mapping between global and local subjects. The Globus metacomputing toolkit is used to implement this architecture, demonstrating its feasibility through a large-scale deployment on a testbed spanning 20 sites. The paper also discusses related work and outlines future directions for enhancing the security architecture.This paper presents a security architecture for large-scale distributed computing environments, known as computational grids. The authors, Ian Foster and colleagues, address the unique security challenges posed by these environments, which involve dynamic resource allocation, complex communication structures, and the need for single sign-on across multiple administrative domains. They propose a security policy that supports authentication, access control, and interoperability with local security policies. The architecture includes user proxies, resource proxies, and protocols for authentication, resource allocation, and mapping between global and local subjects. The Globus metacomputing toolkit is used to implement this architecture, demonstrating its feasibility through a large-scale deployment on a testbed spanning 20 sites. The paper also discusses related work and outlines future directions for enhancing the security architecture.