source: examples/creddy_prover_tests/README @ 08b8da7

mei_rt2mei_rt2_fix_1
Last change on this file since 08b8da7 was 2efdff5, checked in by Mei <mei@…>, 12 years ago

1) fix the missing check for 'This' rt2.y when called from creddy/prover

combo

2) patch up the stringify of abac_term that is of time type.
3) update the testing to reflect the changes to baseline output

  • Property mode set to 100644
File size: 2.2 KB
RevLine 
[7727f26]1
[5ae5719]2This directory contains various ABAC scenarios that exercise
3various feature of the current RT2 implmentation using YAP prolog.
[7727f26]4
[0a81d0a]5The frontend query client is abac_prover_yap.
[7727f26]6
7Each subdirectory has a README script which includes a description
[5110d42]8of the scenario, and creddy calls that generate the needed credentials.
[9502c50]9There is a run_query script which sets up and runs couple of typical
[0a81d0a]10query using abac_prover_yap.
[7727f26]11
[302f477]12runcheck, is the top level script that initiates the run_query scripts
13within each subdirectory with ABAC_CN mode (see below); captures the
14result and compares with the baseline result stored in allout.save.
15runcheck also makes a complete run_query run without ABAC_CN enabled as
[e3462b4]16a round of regression testing. runcheck call .runall to cleanup all
17the byproducts of a run and also setup the credentials needed in each
18subdirectories
[7727f26]19
[0a81d0a]20abac_prover_yap
[7727f26]21
22Usage: abac_prover_yap
23        --keystore <keystore>
24        --role <keyid.role> --principal <keyid>
25        --oset <keyid.oset> --object <otype>
26    loads the keystore and runs the query role <-?- principal
27                                the query oset <-?- object
28        --dump <file>
29    extracts all credentials from the prolog db
[2efdff5]30        --dbdump
31    extracts all prolog rules directly from the prolog db
32
[7727f26]33
[9502c50]34keystore is the location where the prover will search to load credentials.
35All accessible identity credentials and attribute credentials will be
[7727f26]36picked up one file at a time.
37
[9502c50]38role, oset, principal, and object are specified with principal's SHA1
39value extracted from the credentials that are loaded from keystore location
40using creddy. Example can be found in the run_queryscript.
41
42An actual example from balltime_rt2_typed,
[7727f26]43
44abac_prover_yap --keystore /home/mei/Deter/abac/examples/balltime_rt2_typed
45  --role [keyid:212146063d65264e8f27c31f0da592e386fc59aa].role:stadium
46                 ([string:'access'],[boolean:true],[time:20120228T130000])
47  --principal [keyid:49bdcd1278fce71d7c5cb3ee9138c22f7379e8e0]
48
[5110d42]49One useful environment variable,
[7727f26]50
[9502c50]51ABAC_CN, use CN instead of SHA1 value for identifying the principals. This
[7727f26]52is useful for debugging purpose but will not resolve conflict when CN is not
[9502c50]53uniquely associated with each principal's SHA1 value.
[7727f26]54
55env ABAC_CN=1 runall run
56
57
Note: See TracBrowser for help on using the repository browser.