source: examples/creddy_prover_tests/README @ c6d5da3

mei_rt2mei_rt2_fix_1
Last change on this file since c6d5da3 was 2efdff5, checked in by Mei <mei@…>, 12 years ago

1) fix the missing check for 'This' rt2.y when called from creddy/prover

combo

2) patch up the stringify of abac_term that is of time type.
3) update the testing to reflect the changes to baseline output

  • Property mode set to 100644
File size: 2.2 KB
Line 
1
2This directory contains various ABAC scenarios that exercise
3various feature of the current RT2 implmentation using YAP prolog.
4
5The frontend query client is abac_prover_yap.
6
7Each subdirectory has a README script which includes a description
8of the scenario, and creddy calls that generate the needed credentials.
9There is a run_query script which sets up and runs couple of typical
10query using abac_prover_yap.
11
12runcheck, is the top level script that initiates the run_query scripts
13within each subdirectory with ABAC_CN mode (see below); captures the
14result and compares with the baseline result stored in allout.save.
15runcheck also makes a complete run_query run without ABAC_CN enabled as
16a round of regression testing. runcheck call .runall to cleanup all
17the byproducts of a run and also setup the credentials needed in each
18subdirectories
19
20abac_prover_yap
21
22Usage: abac_prover_yap
23        --keystore <keystore>
24        --role <keyid.role> --principal <keyid>
25        --oset <keyid.oset> --object <otype>
26    loads the keystore and runs the query role <-?- principal
27                                the query oset <-?- object
28        --dump <file>
29    extracts all credentials from the prolog db
30        --dbdump
31    extracts all prolog rules directly from the prolog db
32
33
34keystore is the location where the prover will search to load credentials.
35All accessible identity credentials and attribute credentials will be
36picked up one file at a time.
37
38role, oset, principal, and object are specified with principal's SHA1
39value extracted from the credentials that are loaded from keystore location
40using creddy. Example can be found in the run_queryscript.
41
42An actual example from balltime_rt2_typed,
43
44abac_prover_yap --keystore /home/mei/Deter/abac/examples/balltime_rt2_typed
45  --role [keyid:212146063d65264e8f27c31f0da592e386fc59aa].role:stadium
46                 ([string:'access'],[boolean:true],[time:20120228T130000])
47  --principal [keyid:49bdcd1278fce71d7c5cb3ee9138c22f7379e8e0]
48
49One useful environment variable,
50
51ABAC_CN, use CN instead of SHA1 value for identifying the principals. This
52is useful for debugging purpose but will not resolve conflict when CN is not
53uniquely associated with each principal's SHA1 value.
54
55env ABAC_CN=1 runall run
56
57
Note: See TracBrowser for help on using the repository browser.