source: examples/access_tests/creddy_prover/README @ 11ca336

mei_rt2
Last change on this file since 11ca336 was 2e9455f, checked in by Mei <mei@…>, 11 years ago

1) added namespace
2) tweak ?This,
3) allowing linking role/oset as constraining conditions
4) adding access_tests regression testing that uses GENI's access policy
5) added couple multi contexts regression tests
6) add compression/uncompression calls to abac_encode_string/abac_decode_string
(libstrongwan only allows 512 char for attribute rule storage)
7) add attribute_now option to creddy that takes a whole char string for attribute
rule
  • Property mode set to 100644
File size: 2.2 KB
Line 
1
2policy.sh is the main policy file. It contains the RT policy
3  rules Ted translated from Jeff's initial GENI authorization
4  writeup.  There are 6 scenario setups and related query tests.
5
6scenario_s1.sh, a simple user and project example
7  s1_query.py and s1_run_query are 2 sets of query calls where
8  the first is in python and 2nd uses the prover bundled with
9  libabac
10
11scenario_s2.sh, various member, member_(delegated) and
12  delegate_member_ relations between different users are setup to
13  show different possible access policy proof solutions
14  s2_query.py and s2_run_query are the query calls 
15
16scenario_s3.sh, various memberQ, memberQ_(delegated) and
17  delegate_memberQ_ relations between users are setup similar to
18  scenario_s2.sh but with the role qualified.
19  s3_query.py and s3_run_query are the query scripts
20
21scenario_s4.sh, various controls, controls_(delegated) and
22  delegate_controls_ relations between slices and users are setup
23  to show access permission to slices.
24  s4_query.py and s4_run_query are the query scripts.
25
26scenario_s5.sh, various controlsQ, controlsQ_(delegated) and
27  delegate_controlsQ_ relations between slices and users are setup
28  similar to scenario_s4 but with qualifed role.
29  s5_query.py and s5_run_query are the query scripts
30
31scenario_s6.sh, setup relations to test createSlice and speaksFor
32  s6_query.py and s5_run_query are the query scripts
33
34  Note:   delegate_member_
35          delegate_memberQ_
36          delegate_controls_
37          delegate_controlsQ_
38  are needed to avoid the recursing in the original policy rule
39  PA.member_(?P:PA.standard) <- (PA.member_(?P)).member_
40
41run_test, is the main test control script
42
43
44resulting files after ./run_test call,
45    yap_clauses, is the prolog clauses that libabac generated for policy.sh
46    main_yap_clauses, is the prolog clauses in more user friendly form
47    s#_yap_clauses, contains the prolog clauses libabac generated for each
48          of scenario setup
49    my_s#_yap_clauses, is the more user friendly form of s#_yap_clauses
50    s#_result.cn, is the more user friendly proof result
51    s#_result.sha, is the proof result with sha values
52    s#_result.save, is the baseline result used for regression test comparison
53
54
55
Note: See TracBrowser for help on using the repository browser.