source: examples/README @ ab30fdd

Last change on this file since ab30fdd was ab30fdd, checked in by Mei <mei@…>, 13 years ago

1) add a missing query file
2) tweak some doc files

  • Property mode set to 100644
File size: 2.4 KB

This directory contains various ABAC scenarios that exercise
various features of the current RT2 implementation using YAP Prolog.

The frontend query client is abac_yap_prover.

Each subdirectory has a README script which includes a description
of the scenario and the calls that generate the needed credentials.
There is a run_query script which sets up and runs a couple of typical
queries using abac_yap_prover.

runall is the top-level script that cleans up and sets up the
credentials needed in each subdirectory.

runcheck is the top-level script that initiates the run_query scripts
within each subdirectory in ABAC_CN mode (see below), captures the
result, and compares it with the baseline result stored in allout.save.
runcheck also makes a complete run_query run without ABAC_CN enabled as
a regression test and runs a query using Python in one of the
subdirectories.

abac_yap_prover

Usage: abac_prover_yap
        --keystore <keystore>
        --role <keyid.role> --principal <keyid>
        --oset <keyid.oset> --object <otype>
    loads the keystore and runs the query role <-?- principal
                                the query oset <-?- object
        --dump <file>
    extracts all credentials from the prolog db

keystore is the location where the prover will search to load credentials.
All accessible identity credentials and attribute credentials will be
picked up one file at a time.

role, oset, principal, and object are specified with the principal's SHA1
value extracted from the credentials that are loaded from the keystore
location using creddy. An example can be found in the run_query script.

An actual example from balltime_rt2_typed:

abac_prover_yap --keystore /home/mei/Deter/abac/examples/balltime_rt2_typed
  --role [keyid:212146063d65264e8f27c31f0da592e386fc59aa].role:stadium
                 ([string:'access'],[boolean:true],[time:20120228T130000])
  --principal [keyid:49bdcd1278fce71d7c5cb3ee9138c22f7379e8e0]

Currently, the dump option might fail if not enough information is
stored in the backend db. It will be reimplemented in the near future.

Two useful environment variables:

DUMP_DB: extracts the complete YAP db to stdout.
ABAC_CN: uses the CN instead of the SHA1 value to identify the principals.
This is useful for debugging but will not resolve conflicts when a CN is not
uniquely associated with each principal's SHA1 value.

env ABAC_CN=1 runall run
or
env DUMP_DB=1 ABAC_CN=1 run_query
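
An added example, not part of this README or the ABAC code base: a Python pre-flight check that parses --role and --principal values in the form shown in the balltime_rt2_typed example and reports any CN that maps to more than one key, which is the conflict ABAC_CN mode cannot resolve. The argument grammar is inferred from that one example; the function names, the CNs and the third keyid are constructed for illustration.

```python
import re
from collections import defaultdict

# Argument shape inferred from the single balltime_rt2_typed example (assumption):
# [keyid:<40 hex SHA1>] optionally followed by .role:name(...) or .oset:name(...)
TERM = re.compile(r"^\[keyid:([0-9a-f]{40})\](?:\.(role|oset):(\w+)(?:\((.*)\))?)?$")
PARAM = re.compile(r"\[(\w+):([^\]]*)\]")

def parse_term(arg):
    """Parse a --role/--oset/--principal value into keyid, kind, name, typed params."""
    m = TERM.match(arg.strip())
    if not m:
        raise ValueError("expected [keyid:<40 hex SHA1>][.role:name(...)]: %r" % arg)
    keyid, kind, name, params = m.groups()
    return {"keyid": keyid, "kind": kind or "principal", "name": name,
            "params": PARAM.findall(params or "")}

def cn_conflicts(identities):
    """Return {CN: [keyids]} for every CN carried by more than one key."""
    by_cn = defaultdict(set)
    for keyid, cn in identities:
        by_cn[cn].add(keyid)
    return {cn: sorted(ids) for cn, ids in by_cn.items() if len(ids) > 1}

def ambiguous_under_abac_cn(args, identities):
    """List the CNs a query would name ambiguously if run with ABAC_CN=1."""
    cn_of = dict(identities)
    clashes = cn_conflicts(identities)
    used = {cn_of.get(parse_term(a)["keyid"]) for a in args}
    return sorted(cn for cn in used if cn in clashes)

# Constructed sample: the first two keyids are the ones in the README's example;
# the CNs and the third key are made up to show a collision.
IDENTITIES = [
    ("212146063d65264e8f27c31f0da592e386fc59aa", "Stadium"),
    ("49bdcd1278fce71d7c5cb3ee9138c22f7379e8e0", "Bob"),
    ("0" * 38 + "aa", "Bob"),
]
ROLE = ("[keyid:212146063d65264e8f27c31f0da592e386fc59aa].role:stadium"
        "([string:'access'],[boolean:true],[time:20120228T130000])")
PRINCIPAL = "[keyid:49bdcd1278fce71d7c5cb3ee9138c22f7379e8e0]"

if __name__ == "__main__":
    print(parse_term(ROLE)["params"])
    print(ambiguous_under_abac_cn([ROLE, PRINCIPAL], IDENTITIES))
```

A non-empty result means the query should be run with SHA1 keyids rather than with ABAC_CN set.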