source: examples/access_rt2_typed/README @ c469edf

Last change on this file since c469edf was da5afdf, checked in by Mei <mei@…>, 13 years ago

1) add static constraint

(limited to integer at this time)

  • Property mode set to 100755
File size: 2.7 KB
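#!/bin/sh
#
# Builds the identities and attribute credentials for the typed RT2 access
# example, so that the following query can be proven:
#
#   alpha.access(read,fileA)<-?-bob  good
#   [keyid:Alpha].role:access([string:'read'],[urn:'file//fileA']) <-?- [keyid:Bob] (yes)
#
# All output (*_ID.pem, *_private.pem, *_attr.der) is written to the current
# directory, and every *.der / *.pem already there is deleted first. Run this
# from a directory dedicated to the example, never from one that holds other
# certificates or keys.

# Stop at the first failing command or unset variable. Without this, a failed
# key generation or key-id lookup would still let the later steps sign
# credentials built from an empty or stale value.
set -eu

# Alpha_private.pem is used as a signing key below; keep newly created files
# readable by the owner only. creddy may already restrict the key's mode; that
# is not visible from this script.
umask 077

# Remove leftovers from a previous run. No -r: only plain files are expected,
# and a directory that happens to match should not be wiped recursively. The
# ./ prefix and -- keep a file name starting with '-' from being read as an
# option.
rm -f -- ./*.der ./*.pem

# One identity per principal. The steps below read <cn>_ID.pem and, for the
# issuer, <cn>_private.pem.
creddy --generate --cn Alpha
creddy --generate --cn Bob
creddy --generate --cn Joe

alpha_keyid=$(creddy --keyid --cert Alpha_ID.pem)
# bob_keyid and joe_keyid are not referenced again in this script; looking
# them up still confirms that both identity certificates are readable.
bob_keyid=$(creddy --keyid --cert Bob_ID.pem)
joe_keyid=$(creddy --keyid --cert Joe_ID.pem)

# alpha_keyid is embedded in the role string that Alpha signs below. Refuse to
# continue with an empty id rather than issue a credential naming "[keyid:]".
for keyid in "$alpha_keyid" "$bob_keyid" "$joe_keyid"; do
  if [ -z "$keyid" ]; then
    printf '%s\n' "creddy --keyid returned an empty key id" >&2
    exit 1
  fi
done

access_qFqP="access([string:'read'],[urn:?F[keyid:$alpha_keyid].oset:documents([string:?P])])"
team_qP="team([string:?P])"

#[keyid:alpha].role:access([string:'read'],
#                    [urn:?F[keyid:alpha].oset:documents([string:?P])])
#                                     <- [keyid:alpha].role:team([string:?P])
creddy --attribute \
  --issuer Alpha_ID.pem --key Alpha_private.pem --role "$access_qFqP" \
  --subject-cert Alpha_ID.pem --subject-role "$team_qP" \
  --out Alpha_access_qFqP__alpha_team_qP_attr.der

#[keyid:alpha].oset:documents([string:'proj1'])<-[urn:'file//fileA']
creddy --attribute \
  --issuer Alpha_ID.pem --key Alpha_private.pem \
  --oset "documents([string:'proj1'])" \
  --subject-obj "[urn:'file//fileA']" \
  --out Alpha_documents_proj1__fileA_attr.der

# [keyid:alpha].role:team([string:'proj1'])<-[keyid:Bob]
creddy --attribute \
  --issuer Alpha_ID.pem --key Alpha_private.pem \
  --role "team([string:'proj1'])" \
  --subject-cert Bob_ID.pem \
  --out Alpha_team_proj1__Bob_attr.der

# [keyid:alpha].role:team([string:'proj2'])<-[keyid:Joe]
# Joe is placed in proj2 only; no documents(proj2) credential is issued in
# this script.
creddy --attribute \
  --issuer Alpha_ID.pem --key Alpha_private.pem \
  --role "team([string:'proj2'])" \
  --subject-cert Joe_ID.pem \
  --out Alpha_team_proj2__Joe_attr.der

#####################################################################
# alpha.access(read,?F:alpha.documents(?proj)) <- alpha.team(?proj)
# [keyid:alpha].role:access([string:'read'],
#                    [urn:?F[keyid:alpha].oset:documents([string:?P])])
#                                     <- [keyid:alpha].role:team([string:?P])
#
# [keyid:alpha].role:access([string:'read'], [urn:?F])<- [principal:?B]
#                [keyid:alpha].oset:documents([string:?P]) <- [urn:?F]
#                [keyid:alpha].role:team([string:?P]) <- [principal:?B]
#
#
# alpha.documents(proj1)<-fileA
# [keyid:alpha].oset:documents([string:'proj1'])<-[urn:'file//fileA']
# isMember('file//fileA', oset(alpha,documents,'proj1'))
#
# alpha.team(proj1)<-bob
# [keyid:alpha].role:team([string:'proj1'])<-[keyid:bob]
# isMember(bob,role(alpha,team,'proj1'))
#
# query,
# alpha.access(read,fileA)<-?-bob  good
# [keyid:alpha].role:access([string:'read'],[urn:'file//fileA']) <- [keyid:bob]
# isMember(bob, role(alpha, access, 'read', 'file//fileA')).
#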