Grid computing facilitates resource sharing typically to support distributed virtual organizations (VO). The multi-institutional nature of a grid environment introduces challenging security issues, especially with regard to authentication and authorization. This article presents a state-of-the-art review of major grid authentication and authorization technologies. In particular we focus upon the Internet2 Shibboleth technologies and their use to support federated authentication and authorization to support interinstitutional sharing of remote grid resources that are subject to access control. We outline the architecture, features, advantages, limitations, projects, and applications of Shibboleth in a grid environment. The evidence suggests that Shibboleth meets many of the demands of the research community in accessing and using grid resources.