source: examples/creddy_prover_tests/README @ ed3dc05

mei_rt2mei_rt2_fix_1
Last change on this file since ed3dc05 was 5110d42, checked in by Mei <mei@…>, 13 years ago

1) reorganized the test directory to include python tests
2) attribute via api and principal via api from python scripts is

working (although there is a annoying seg fault at the very end
that must be related to something not been dup()ed.. need to wait
for c example to debug it)

3) able to query via api
4) replicated access_rt2 example in python and the query result matches
5) expanded api to make it easier to generate rt2 structure

  • Property mode set to 100644
File size: 2.1 KB
RevLine 
[7727f26]1
[5ae5719]2This directory contains various ABAC scenarios that exercise
3various feature of the current RT2 implmentation using YAP prolog.
[7727f26]4
[0a81d0a]5The frontend query client is abac_prover_yap.
[7727f26]6
7Each subdirectory has a README script which includes a description
[5110d42]8of the scenario, and creddy calls that generate the needed credentials.
[9502c50]9There is a run_query script which sets up and runs couple of typical
[0a81d0a]10query using abac_prover_yap.
[7727f26]11
12runall, is the top level script that will cleanup and setup the
13credentials needed in each subdirectories
14
[302f477]15runcheck, is the top level script that initiates the run_query scripts
16within each subdirectory with ABAC_CN mode (see below); captures the
17result and compares with the baseline result stored in allout.save.
18runcheck also makes a complete run_query run without ABAC_CN enabled as
[5110d42]19a round of regression testing.
[7727f26]20
[0a81d0a]21abac_prover_yap
[7727f26]22
23Usage: abac_prover_yap
24        --keystore <keystore>
25        --role <keyid.role> --principal <keyid>
26        --oset <keyid.oset> --object <otype>
27    loads the keystore and runs the query role <-?- principal
28                                the query oset <-?- object
29        --dump <file>
30    extracts all credentials from the prolog db
31
[9502c50]32keystore is the location where the prover will search to load credentials.
33All accessible identity credentials and attribute credentials will be
[7727f26]34picked up one file at a time.
35
[9502c50]36role, oset, principal, and object are specified with principal's SHA1
37value extracted from the credentials that are loaded from keystore location
38using creddy. Example can be found in the run_queryscript.
39
40An actual example from balltime_rt2_typed,
[7727f26]41
42abac_prover_yap --keystore /home/mei/Deter/abac/examples/balltime_rt2_typed
43  --role [keyid:212146063d65264e8f27c31f0da592e386fc59aa].role:stadium
44                 ([string:'access'],[boolean:true],[time:20120228T130000])
45  --principal [keyid:49bdcd1278fce71d7c5cb3ee9138c22f7379e8e0]
46
[5110d42]47One useful environment variable,
[7727f26]48
[9502c50]49ABAC_CN, use CN instead of SHA1 value for identifying the principals. This
[7727f26]50is useful for debugging purpose but will not resolve conflict when CN is not
[9502c50]51uniquely associated with each principal's SHA1 value.
[7727f26]52
53env ABAC_CN=1 runall run
54
55
Note: See TracBrowser for help on using the repository browser.