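#!/bin/sh
#####################################################################
# scenario #6
#   Explores the relationship between slice, createSlice, gmoc and
#   projects.
#
#   Credentials issued below, in order:
#     SA names Lisa a geniProxy
#     G / GR bootstrap: geniRoot, sliceAuthority, identityProvider,
#       projectAuthority, aggregate
#     SA accepts PA as the projectAuthority
#     SA accepts Alice as a gmoc
#     SA names Drd, Dan and Frank geniUsers
#     Drd is the owner/root of proj1 (PA) and of sliceA (SA); both are
#       recorded as standard
#     IDP names Drd a geniPI
#     Drd grants memberQ/instantiate on proj1 to Dan
#     Drd grants memberQ/info on proj1 to Frank
#     SA.speaksFor(Dan) <- Lisa
#
#   NOTE(review): the original header said "SA let Dan be a geniProxy",
#   "SA let Dan speaks for Drd" and "Lisa ... speaks for Frank". The
#   credentials actually issued make Lisa the geniProxy and the
#   speaksFor subject for Dan. Delegation direction is what an
#   authorization test proves, so confirm which one is intended.
#
#   Prerequisites: creddy on PATH; G_ID.pem, PA_ID.pem and SA_ID.pem
#   already present in the working directory (this script never
#   generates G, PA or SA, it only reads their certificates).
#####################################################################

unset ABAC_CN

keyloc=$(pwd)
sidx=s6

# Prolog output name and namespace passed to every creddy --attrnow call.
pname=${sidx}_yap_clauses
namespace=access1
# sed script mapping raw key ids back to readable principal names.
sfile=sfile_${sidx}

#######################################
# (Re)create the identity for one principal.
# Arguments: $1 - common name (also the file name prefix)
# Globals:   WHO (written)
# Note: removes every ${WHO}_*.pem in the current directory first,
#       so any key material left from an earlier run is discarded.
#######################################
makeWho() {
  # Abort on an empty name: "rm -rf _*.pem" would hit unrelated files.
  WHO=${1:?makeWho: principal name required}
  rm -rf -- "$WHO"_*.pem
  creddy --generate --cn "$WHO"
}

#######################################
# Print the key id of a principal's certificate.
# Arguments: $1 - principal name; reads $keyloc/<name>_ID.pem
# Outputs:   key id on stdout
# Returns:   non-zero (with a message on stderr) when creddy yields
#            nothing, so callers never build "[keyid:]" credentials.
#######################################
keyid_of() {
  _cert=$keyloc/${1}_ID.pem
  _id=$(creddy --keyid --cert "$_cert")
  if [ -z "$_id" ]; then
    echo "$0: no key id obtained from $_cert" >&2
    return 1
  fi
  printf '%s\n' "$_id"
}

#######################################
# Issue one attribute credential.
# Arguments: $1 - output file (.der)
#            $2 - attribute string
# Globals:   pname, namespace (read)
# Returns:   creddy's exit status; a failure is reported on stderr
#            but does not stop the scenario.
#######################################
issue_attr() {
  creddy --attrnow --string "$2" --out "$1" \
    --out_prolog "$pname" --namespace "$namespace"
  _rc=$?
  if [ "$_rc" -ne 0 ]; then
    echo "$0: creddy --attrnow failed ($_rc) for $1" >&2
  fi
  return "$_rc"
}

#######################################
# SA.geniUser <- <principal>
# Arguments: $1 - NAME of the shell variable holding the key id
#                 (e.g. "drd"), not the key id itself
# Globals:   sa, sidx (read); namename (written)
#######################################
sa_gUser() {
  # $1 is expanded through eval below, so accept nothing but a plain
  # identifier.
  case $1 in
    '' | *[!A-Za-z0-9_]*)
      echo "$0: sa_gUser: '$1' is not a variable name" >&2
      return 1
      ;;
  esac
  eval "namename=\"[keyid:\$$1]\""
  issue_attr "${sidx}_SA_gUser__${1}_attr.der" \
    "[keyid:$sa].role:geniUser <- $namename"
}

#######################################
# A principal requests a slice from SA.
#   makeSlice $drd proj1 sliceA Drd
# Arguments: $1 - owner key id
#            $2 - project name
#            $3 - slice name
#            $4 - owner label used in file names
# Globals:   sa, sidx (read); proj, what (written)
#######################################
makeSlice() {
  proj="'$2'"
  what="'$3'"

  # SA.qualifiedProject <- 'proj1'
  issue_attr "${sidx}_SA_qualProject__${2}_attr.der" \
    "[keyid:$sa].oset:qualifiedProject <- [string:$proj]"

  # SA.inProject('proj1') <- 'sliceA'
  issue_attr "${sidx}_SA_inProject_${2}__${3}_attr.der" \
    "[keyid:$sa].oset:inProject([string:$proj]) <- [string:$what]"

  # Drd.slice <- 'sliceA'
  issue_attr "${sidx}_${4}_slice__${3}_attr.der" \
    "[keyid:$1].oset:slice <- [string:$what]"

  # SA.standard <- 'sliceA'
  # NOTE(review): the file is named after the project ($2) although the
  # attribute is about the slice ($3); name kept as-is for whatever
  # consumes these files.
  issue_attr "${sidx}_SA_standard__${2}_attr.der" \
    "[keyid:$sa].oset:standard <- [string:$what]"

  # SA.owner('sliceA') <- Drd
  issue_attr "${sidx}_SA_owner_${2}__${3}_attr.der" \
    "[keyid:$sa].role:owner([string:$what]) <- [keyid:$1]"

  # SA.root('sliceA') <- Drd
  issue_attr "${sidx}_SA_root_${2}__${3}_attr.der" \
    "[keyid:$sa].role:root([string:$what]) <- [keyid:$1]"
}

#######################################
# A principal requests a project from PA.
#   makeProject $drd proj1 Drd
# Arguments: $1 - owner key id
#            $2 - project name
#            $3 - owner label used in file names
# Globals:   pa, sidx (read); what (written)
#######################################
makeProject() {
  what="'$2'"

  # Drd.project <- 'proj1'
  issue_attr "${sidx}_${3}_project__${2}_attr.der" \
    "[keyid:$1].oset:project <- [string:$what]"

  # PA.standard <- 'proj1'
  issue_attr "${sidx}_PA_standard__${2}_attr.der" \
    "[keyid:$pa].oset:standard <- [string:$what]"

  # PA.owner('proj1') <- Drd
  issue_attr "${sidx}_PA_owner_${2}__${3}_attr.der" \
    "[keyid:$pa].role:owner([string:$what]) <- [keyid:$1]"

  # PA.root('proj1') <- Drd
  issue_attr "${sidx}_PA_root_${2}__${3}_attr.der" \
    "[keyid:$pa].role:root([string:$what]) <- [keyid:$1]"
}

###############################################################################
# Identities created by this scenario (G, PA and SA are expected to exist).
for who in GR IDP EXO GM Drd Dan Frank Alice Lisa; do
  makeWho "$who"
done

# Resolve every key id up front and stop on the first one that cannot be
# read; continuing would issue credentials naming an empty principal.
g=$(keyid_of G) || exit 1
gr=$(keyid_of GR) || exit 1
pa=$(keyid_of PA) || exit 1
sa=$(keyid_of SA) || exit 1
idp=$(keyid_of IDP) || exit 1
exo=$(keyid_of EXO) || exit 1
gm=$(keyid_of GM) || exit 1
drd=$(keyid_of Drd) || exit 1
dan=$(keyid_of Dan) || exit 1
frank=$(keyid_of Frank) || exit 1
alice=$(keyid_of Alice) || exit 1
lisa=$(keyid_of Lisa) || exit 1

# One "s/<keyid>/<name>/g " line per principal (trailing blank kept).
printf 's/%s/%s/g \n' \
  "$g" G "$gr" GR "$sa" SA "$pa" PA "$idp" IDP "$exo" EXO "$gm" GM \
  "$drd" Drd "$dan" Dan "$frank" Frank "$alice" Alice "$lisa" Lisa \
  > "$sfile"

# SA.geniProxy <- Lisa
issue_attr "${sidx}_SA_gProxy__lisa_attr.der" \
  "[keyid:$sa].role:geniProxy <- [keyid:$lisa]"

# G.geniRoot <- GR
issue_attr "${sidx}_G_geniRoot__gr_attr.der" \
  "[keyid:$g].role:geniRoot <- [keyid:$gr]"

# GR.sliceAuthority <- SA
issue_attr "${sidx}_GR_sliceAuthority__sa_attr.der" \
  "[keyid:$gr].role:sliceAuthority <- [keyid:$sa]"

# GR.identityProvider <- IDP
issue_attr "${sidx}_GR_identityProvider__idp_attr.der" \
  "[keyid:$gr].role:identityProvider <- [keyid:$idp]"

# GR.projectAuthority <- PA
issue_attr "${sidx}_GR_projAuthority__pa_attr.der" \
  "[keyid:$gr].role:projectAuthority <- [keyid:$pa]"

# ???, SA trusts PA as the projectAuthority
# SA.projectAuthority <- PA
issue_attr "${sidx}_SA_projAuthority__pa_attr.der" \
  "[keyid:$sa].role:projectAuthority <- [keyid:$pa]"

# SA.gmoc <- Alice
issue_attr "${sidx}_SA_gmoc__alice_attr.der" \
  "[keyid:$sa].role:gmoc <- [keyid:$alice]"

# GR.aggregate <- EXO
issue_attr "${sidx}_GR_aggregate__exo_attr.der" \
  "[keyid:$gr].role:aggregate <- [keyid:$exo]"

# SA.geniUser <- Drd, Dan, Frank
# NOTE(review): the original comment read "IDP.geniUser <- Drd", but
# sa_gUser issues the role from SA.
sa_gUser drd
sa_gUser dan
sa_gUser frank

makeProject "$drd" proj1 Drd
makeSlice "$drd" proj1 sliceA Drd

# IDP.geniPI <- Drd
issue_attr "${sidx}_IDP_geniPI__drd_attr.der" \
  "[keyid:$idp].role:geniPI <- [keyid:$drd]"

## Drd gives memberQ/instantiate permission on proj1 to Dan
# NOTE(review): the issuer of this credential and the next is Drd,
# although both file names say "PA".
issue_attr "${sidx}_PA_memberQ_proj1_instantiate__dan_attr.der" \
  "[keyid:$drd].role:memberQ([string:'proj1'],[string:'instantiate']) <- [keyid:$dan]"

## Drd gives memberQ/info permission on proj1 to Frank
issue_attr "${sidx}_PA_memberQ_proj1_info__frank_attr.der" \
  "[keyid:$drd].role:memberQ([string:'proj1'],[string:'info']) <- [keyid:$frank]"

## SA.speaksFor(Dan) <- Lisa
## (original comment: "SA let Dan speaks for Drd"; the constrained form
##  SA.speaksFor(?C:(SA.projectAuthority).memberQ(?P, "instantiate"))
##  was noted by the author but is not what is issued here)
issue_attr "${sidx}_SA_speaksfor_dan__lisa_attr.der" \
  "[keyid:$sa].role:speaksFor([keyid:$dan]) <- [keyid:$lisa]"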