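#!/bin/sh
#####################################################################
# scenario #5
# Explores relationship between slice and qualified controls
#
# Drd, a geniPI, created slices 'sliceA' and 'sliceB'
# Drd grants controlsQ/info to Lisa
# Drd grants controlsQ_/info and controlsQ_/stop to Tim
# Drd grants delegate_controlsQ_/info to John and
#            delegate_controlsQ_/instantiate to Tim
# SA grants controlsQ/info and controlsQ/stop to Dan
# SA grants controlsQ_/info and controlsQ_/stop to Frank and
#            controlsQ_/instantiate to Frank
# SA grants delegate_controlsQ_/info to James and delegate_controlsQ_/stop to Lisa
# SA grants delegate_controlsQ_/info (sliceB) to John
# SA grants controls(sliceB) to Dan
# SA grants delegate_controls_(sliceB) to Lisa
# John grants controlsQ_/info (sliceB) to James
# John grants controlsQ/info (sliceB) to Joe
#
# NOTE(review): the credentials issued below differ from this summary:
#   - SA gives Frank controlsQ/instantiate (non-delegable form), and gives
#     controlsQ_/instantiate to John instead.
#   - Drd also gives controlsQ/stop on sliceA to James.
#   - Drd's controlsQ/info grant to Lisa is issued twice.
# Confirm which side is intended before relying on this scenario as an
# authorization test oracle.
#
# Prerequisites: G_ID.pem, PA_ID.pem and SA_ID.pem are read from the
# current directory but are not generated by this script.
#####################################################################

unset ABAC_CN

keyloc=$(pwd)
sidx=s5

# Print a message on stderr and abort the scenario.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Recreate the identity of principal $1: delete every existing
# <name>_*.pem in the current directory, then generate a fresh identity.
# The :? guard stops an empty name from widening the glob to "_*.pem".
makeWho() {
  rm -rf -- "${1:?makeWho: principal name required}"_*.pem
  creddy --generate --cn "$1" || die "creddy could not generate identity $1"
}

# Print the key id of $keyloc/<name>_ID.pem. Fails instead of returning
# an empty id, which would otherwise end up as "[keyid:]" in every
# credential that names this principal.
keyid_of() {
  kid=$(creddy --keyid --cert "$keyloc/${1}_ID.pem") || kid=
  [ -n "$kid" ] || die "cannot read key id from $keyloc/${1}_ID.pem"
  printf '%s\n' "$kid"
}

# Issue one attribute credential.
#   $1 - rule text passed to creddy --string
#   $2 - output credential file (.der)
# Every credential is also passed --out_prolog $pname and
# --namespace $namespace, exactly as the original invocations did.
issue_attr() {
  creddy --attrnow --string "$1" --out "$2" \
    --out_prolog "$pname" --namespace "$namespace" \
    || die "creddy failed to issue $2"
}

makeWho GR
makeWho IDP
makeWho EXO
makeWho Drd
makeWho Frank
makeWho Dan
makeWho Lisa
makeWho John
makeWho Joe
makeWho Tim
makeWho James

# The command substitution runs keyid_of in a subshell, so its failure
# has to be propagated explicitly.
g=$(keyid_of G) || exit 1
gr=$(keyid_of GR) || exit 1
pa=$(keyid_of PA) || exit 1
sa=$(keyid_of SA) || exit 1
idp=$(keyid_of IDP) || exit 1
exo=$(keyid_of EXO) || exit 1
drd=$(keyid_of Drd) || exit 1
frank=$(keyid_of Frank) || exit 1
dan=$(keyid_of Dan) || exit 1
lisa=$(keyid_of Lisa) || exit 1
john=$(keyid_of John) || exit 1
joe=$(keyid_of Joe) || exit 1
tim=$(keyid_of Tim) || exit 1
james=$(keyid_of James) || exit 1

pname=${sidx}_yap_clauses
namespace=access1
sfile=sfile_${sidx}

# IDP.geniUser <- <principal>
#   $1 - NAME of the shell variable holding the principal's key id
#        (e.g. "drd"), not the key id itself.
# The name is expanded through eval, so it is restricted to a plain
# identifier first; anything else would be executed as shell code.
idp_gUser() {
  case $1 in
    '' | [!A-Za-z_]* | *[!A-Za-z0-9_]*)
      die "idp_gUser: invalid variable name '$1'"
      ;;
  esac
  eval "member_keyid=\$$1"
  [ -n "$member_keyid" ] || die "idp_gUser: no key id stored in \$$1"
  issue_attr "[keyid:$idp].role:geniUser <- [keyid:$member_keyid]" \
    "${sidx}_IDP_gUser__${1}_attr.der"
}

## drd requesting a sliceA from sa
## makeSlice $drd sliceA Drd
#   $1 - key id of the requesting principal
#   $2 - slice name
#   $3 - principal label used in the output file name
makeSlice() {
  slice_lit="'$2'"

  # Drd.slice <- 'sliceA'
  issue_attr "[keyid:$1].oset:slice <- [string:$slice_lit]" \
    "${sidx}_${3}_slice__${2}_attr.der"

  # SA.standard <- 'sliceA'
  issue_attr "[keyid:$sa].oset:standard <- [string:$slice_lit]" \
    "${sidx}_SA_standard__${2}_attr.der"

  # SA.owner('sliceA') <- Drd
  issue_attr "[keyid:$sa].role:owner([string:$slice_lit]) <- [keyid:$1]" \
    "${sidx}_SA_owner_${2}__${3}_attr.der"

  # SA.root('sliceA') <- Drd
  issue_attr "[keyid:$sa].role:root([string:$slice_lit]) <- [keyid:$1]" \
    "${sidx}_SA_root_${2}__${3}_attr.der"
}

###############################################################################

# sed script that rewrites each principal's key id to a readable name.
# The original wrote the SA rule twice and never wrote one for PA, even
# though PA's key id appears in GR.projectAuthority below; the second
# rule is assumed to have been meant for PA.
{
  printf '%s\n' "s/$g/G/g "
  printf '%s\n' "s/$gr/GR/g "
  printf '%s\n' "s/$sa/SA/g "
  printf '%s\n' "s/$pa/PA/g "
  printf '%s\n' "s/$idp/IDP/g "
  printf '%s\n' "s/$exo/EXO/g "
  printf '%s\n' "s/$drd/Drd/g "
  printf '%s\n' "s/$frank/Frank/g "
  printf '%s\n' "s/$dan/Dan/g "
  printf '%s\n' "s/$lisa/Lisa/g "
  printf '%s\n' "s/$john/John/g "
  printf '%s\n' "s/$joe/Joe/g "
  printf '%s\n' "s/$tim/Tim/g "
  printf '%s\n' "s/$james/James/g "
} > "$sfile"

# G.geniRoot <- GR
issue_attr "[keyid:$g].role:geniRoot <- [keyid:$gr]" \
  "${sidx}_G_geniRoot__gr_attr.der"

# GR.sliceAuthority <- SA
issue_attr "[keyid:$gr].role:sliceAuthority <- [keyid:$sa]" \
  "${sidx}_GR_sliceAuthority__sa_attr.der"

# GR.identityProvider <- IDP
issue_attr "[keyid:$gr].role:identityProvider <- [keyid:$idp]" \
  "${sidx}_GR_identityProvider__idp_attr.der"

# GR.projectAuthority <- PA
issue_attr "[keyid:$gr].role:projectAuthority <- [keyid:$pa]" \
  "${sidx}_GR_projAuthority__pa_attr.der"

# GR.aggregate <- EXO
issue_attr "[keyid:$gr].role:aggregate <- [keyid:$exo]" \
  "${sidx}_GR_aggregate__exo_attr.der"

# IDP.geniUser <- Drd
idp_gUser drd
# IDP.geniUser <- Frank
idp_gUser frank
# IDP.geniUser <- Dan
idp_gUser dan
# IDP.geniUser <- Lisa
idp_gUser lisa
# IDP.geniUser <- John
idp_gUser john
# IDP.geniUser <- Joe
idp_gUser joe
# IDP.geniUser <- Tim
idp_gUser tim
# IDP.geniUser <- James
idp_gUser james

# IDP.geniPI <- Drd
issue_attr "[keyid:$idp].role:geniPI <- [keyid:$drd]" \
  "${sidx}_IDP_geniPI__drd_attr.der"

## drd requesting a sliceB from sa
makeSlice "$drd" sliceB Drd

## drd requesting a sliceA from sa
makeSlice "$drd" sliceA Drd

## SA gives controlsQ/info permission on sliceA to Dan
issue_attr \
  "[keyid:$sa].role:controlsQ([string:'sliceA'],[string:'info']) <- [keyid:$dan]" \
  "${sidx}_SA_controlsQ_sliceA_info__dan_attr.der"

## SA gives controlsQ/stop permission on sliceA to Dan
issue_attr \
  "[keyid:$sa].role:controlsQ([string:'sliceA'],[string:'stop']) <- [keyid:$dan]" \
  "${sidx}_SA_controlsQ_sliceA_stop__dan_attr.der"

## SA gives controlsQ/instantiate permission on sliceA to Frank
issue_attr \
  "[keyid:$sa].role:controlsQ([string:'sliceA'],[string:'instantiate']) <- [keyid:$frank]" \
  "${sidx}_SA_controlsQ_sliceA_instantiate__frank_attr.der"

## SA gives controlsQ_/info permission on sliceA to Frank
issue_attr \
  "[keyid:$sa].role:controlsQ_([string:'sliceA'],[string:'info']) <- [keyid:$frank]" \
  "${sidx}_SA_controlsQDel_sliceA__info_frank_attr.der"

## SA gives controlsQ_/stop permission on sliceA to Frank
issue_attr \
  "[keyid:$sa].role:controlsQ_([string:'sliceA'],[string:'stop']) <- [keyid:$frank]" \
  "${sidx}_SA_controlsQDel_sliceA__stop_frank_attr.der"

## SA gives controlsQ_/instantiate permission on sliceA to John
issue_attr \
  "[keyid:$sa].role:controlsQ_([string:'sliceA'],[string:'instantiate']) <- [keyid:$john]" \
  "${sidx}_SA_controlsQDel_sliceA_instantiate__john_attr.der"

## SA gives delegate_controlsQ_/info permission on sliceA to James
issue_attr \
  "[keyid:$sa].role:delegate_controlsQ_([string:'sliceA'],[string:'info']) <- [keyid:$james]" \
  "${sidx}_SA_delcontrolsQDel_sliceA_info__james_attr.der"

## SA gives delegate_controlsQ_/stop permission on sliceA to Lisa
issue_attr \
  "[keyid:$sa].role:delegate_controlsQ_([string:'sliceA'],[string:'stop']) <- [keyid:$lisa]" \
  "${sidx}_SA_delcontrolsQDel_sliceA_stop__lisa_attr.der"

## SA gives controls permission on sliceB to Dan
issue_attr "[keyid:$sa].role:controls([string:'sliceB']) <- [keyid:$dan]" \
  "${sidx}_SA_controls_sliceB__dan_attr.der"

# SA grants delegate_controls_(sliceB) to Lisa
issue_attr "[keyid:$sa].role:delegate_controls_([string:'sliceB']) <- [keyid:$lisa]" \
  "${sidx}_SA_delcontrols_sliceB__lisa_attr.der"

## Drd gives controlsQ/info permission on sliceA to Lisa
issue_attr \
  "[keyid:$drd].role:controlsQ([string:'sliceA'],[string:'info']) <- [keyid:$lisa]" \
  "${sidx}_Drd_controlsQ_sliceA_info__lisa_attr.der"

## Drd gives controlsQ/stop permission on sliceA to James
issue_attr \
  "[keyid:$drd].role:controlsQ([string:'sliceA'],[string:'stop']) <- [keyid:$james]" \
  "${sidx}_Drd_controlsQ_sliceA_stop__james_attr.der"

## Drd gives controlsQ_/info permission on sliceA to Tim
issue_attr \
  "[keyid:$drd].role:controlsQ_([string:'sliceA'],[string:'info']) <- [keyid:$tim]" \
  "${sidx}_Drd_controlsQDel_sliceA_info__tim_attr.der"

## Drd gives controlsQ/info permission on sliceA to Lisa
# NOTE(review): same rule and same output file as the first Drd grant
# above. Kept so the sequence of creddy calls is unchanged; confirm
# whether a different grant was intended here.
issue_attr \
  "[keyid:$drd].role:controlsQ([string:'sliceA'],[string:'info']) <- [keyid:$lisa]" \
  "${sidx}_Drd_controlsQ_sliceA_info__lisa_attr.der"

## Drd gives controlsQ_/stop permission on sliceA to Tim
issue_attr \
  "[keyid:$drd].role:controlsQ_([string:'sliceA'],[string:'stop']) <- [keyid:$tim]" \
  "${sidx}_Drd_controlsQDel_sliceA_stop__tim_attr.der"

## Drd gives delegate_controlsQ_/info permission on sliceA to John
issue_attr \
  "[keyid:$drd].role:delegate_controlsQ_([string:'sliceA'],[string:'info']) <- [keyid:$john]" \
  "${sidx}_Drd_delcontrolsQDel_sliceA_info__john_attr.der"

## Drd gives delegate_controlsQ_/instantiate permission on sliceA to Tim
issue_attr \
  "[keyid:$drd].role:delegate_controlsQ_([string:'sliceA'],[string:'instantiate']) <- [keyid:$tim]" \
  "${sidx}_Drd_delcontrolsQDel_sliceA_instantiate__tim_attr.der"

# NOTE(review): the three output file names below carry an issuer label
# (Drd, SA, SA) that does not match the principal that actually issues
# the rule (SA, John, John). The names are left as they were because
# other tooling may look for them, but anyone auditing who delegated
# what should read the rule text, not the file name.

## SA gives info delegate_controlsQ_/info permission on sliceB to John
issue_attr \
  "[keyid:$sa].role:delegate_controlsQ_([string:'sliceB'],[string:'info']) <- [keyid:$john]" \
  "${sidx}_Drd_delcontrolsQDel_sliceB_info__john_attr.der"

## John gives controlsQ_/info permission on sliceB to James
issue_attr \
  "[keyid:$john].role:controlsQ_([string:'sliceB'],[string:'info']) <- [keyid:$james]" \
  "${sidx}_SA_controlsQDel_sliceB_info__james_attr.der"

## John gives controlsQ/info permission on sliceB to Joe
issue_attr \
  "[keyid:$john].role:controlsQ([string:'sliceB'],[string:'info']) <- [keyid:$joe]" \
  "${sidx}_SA_controlsQ_sliceB_info__joe_attr.der"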