Abstract: RFID is prevented from further usage by its security problems.A General RFID Authentication and Authorization Protocol Model（GRAAP Model） was introduced，an adjustment on the data access process of Seo’s RFID four roles model was made to simplify the RFID application authentication process so as to satisfy the practical usage requirement，new roles（RFID tag manager，data owner，data carrier，data accessing entity，etc.） were introduced，as well as the basic structure，roles’ responsibility and systematic protocol prototypes of this model.Comparing to the former RFID authentication protocol prototype，it is more flexible and can be the base of newer and more sophisticated managing，authentication and authorization protocols of RFID devices.