source: examples/acme_friend_rt1_typed/README @ 9806e76

Last change on this file since 9806e76 was 2c01913, checked in by Ted Faber <faber@…>, 12 years ago

Added docs

  • Property mode set to 100755
File size: 2.5 KB
#!/bin/sh
# This example shows how a parameterized role can be used to infer a role and
# that the same role can also be directly assigned.  The example has 4
# principals, the Acme company, a Coyote, a Roadrunner and a Jackrabbit.
#
# The policy of the Acme company is that anyone the Acme company thinks is a
# friend of the Roadrunner is a preferred customer.  A friend of the Roadrunner
# has the [keyid:Acme].role:friendOf([keyid:Roadrunner]) role, and a preferred
# customer has the [keyid:Acme].role:preferred_customer role.
#
# This script creates the 4 principals and 3 credentials.  Credential 1 lays
# out the rule that friends of the Roadrunner are preferred customers.
# Credential 2 directly makes the Coyote a preferred customer.  Credential 3
# recognizes that Acme thinks that the Jackrabbit is the Roadrunner's friend.
#
# The attached ./rr script tests whether the Coyote is a friend of the
# Roadrunner (which fails), whether the Jackrabbit is a friend of the
# Roadrunner (which succeeds), whether the Jackrabbit is a preferred customer
# (which succeeds), whether the Coyote is a preferred customer (succeeds for a
# different reason) and whether the system fails to load a bad certificate (it
# does).

# Remove identities and credentials left over from a previous run.
rm -rf *.der *.pem

#[keyid:Acme].role:friendOf([keyid:Roadrunner]) <-?- [keyid:Coyote] (no)
#[keyid:Acme].role:preferred_customer <-?- [keyid:Jackrabbit] (yes)

# Create an identity certificate and private key for each principal.
creddy --generate --cn Acme
creddy --generate --cn Coyote
creddy --generate --cn Roadrunner
creddy --generate --cn Jackrabbit

# The role parameter is the Roadrunner's key ID, read from its certificate.
roadrunner_keyid=$(creddy --keyid --cert Roadrunner_ID.pem)
friendof_roadrunner="friendOf([keyid:$roadrunner_keyid])"

#[keyid:Acme].role:preferred_customer <- [keyid:Acme].role:friendOf([keyid:Roadrunner])
# Credential 1
# $friendof_roadrunner is quoted so that the shell does not treat its
# brackets as a glob pattern.
creddy --attribute \
       --issuer Acme_ID.pem --key Acme_private.pem --role preferred_customer \
       --subject-cert Acme_ID.pem --subject-role "$friendof_roadrunner" \
       --out Acme_preferred_customer__Acme_friendof_Roadrunner_attr.der

#[keyid:Acme].role:preferred_customer <- [keyid:Coyote]
# Credential 2
creddy --attribute \
       --issuer Acme_ID.pem --key Acme_private.pem --role preferred_customer \
       --subject-cert Coyote_ID.pem \
       --out Acme_preferred_customer__Coyote_attr.der

#[keyid:Acme].role:friendOf([keyid:Roadrunner]) <- [keyid:Jackrabbit]
# Credential 3
creddy --attribute \
       --issuer Acme_ID.pem --key Acme_private.pem --role "$friendof_roadrunner" \
       --subject-cert Jackrabbit_ID.pem \
       --out Acme_friendof_Roadrunner__Jackrabbit_attr.der

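The inference that the three credentials set up can be traced without creddy. The following is an added example, not part of the original file or of the creddy tooling: a toy model of the role graph that answers the four access queries from the header comment. It assumes principal names stand in for the real key IDs and checks no signatures; FRIEND, PREF, CREDS, members and holds are hypothetical names.

```sh
#!/bin/sh
# Added illustration (not part of the original script): a toy model of the
# role inference over the three credentials. Assumption: principal names
# stand in for the real key IDs, and no signatures are checked.
FRIEND='Acme.friendOf(Roadrunner)'
PREF='Acme.preferred_customer'

# Constructed credential set, one "head <- body" per line.
CREDS="$PREF <- $FRIEND
$PREF <- Coyote
$FRIEND <- Jackrabbit"

# members ROLE: print the principals that provably hold ROLE.
# A body containing '.' is another role (follow it); otherwise a principal.
members() {
    todo=$1 seen=$1 result=
    while [ -n "$todo" ]; do
        # Pop the next role to expand from the work list.
        role=${todo%% *}
        case $todo in *" "*) todo=${todo#* } ;; *) todo= ;; esac
        while read -r head arrow body; do
            [ "$head" = "$role" ] || continue
            case $body in
                *.*)
                    # Linked role: queue it once, which also guards cycles.
                    case " $seen " in
                        *" $body "*) ;;
                        *) todo="${todo:+$todo }$body"; seen="$seen $body" ;;
                    esac ;;
                *)  result="${result:+$result }$body" ;;
            esac
        done <<EOF
$CREDS
EOF
    done
    printf '%s\n' "$result"
}

# holds ROLE PRINCIPAL: succeed if PRINCIPAL is a member of ROLE.
holds() {
    case " $(members "$1") " in *" $2 "*) return 0 ;; *) return 1 ;; esac
}

# The four access queries listed in the header comment.
for q in "$FRIEND Coyote" "$FRIEND Jackrabbit" "$PREF Jackrabbit" "$PREF Coyote"
do
    if holds "${q% *}" "${q#* }"; then echo "$q: yes"; else echo "$q: no"; fi
done
```

Because the parameter is part of the role name, Acme.friendOf(Coyote) would be a different role with no members here.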