This directory contains various ABAC scenarios that exercise various feature of the current RT2 implmentation using YAP prolog. The frontend query client is abac_prover_yap. Each subdirectory has a README script which includes a description of the scenario, and creddy calls that generate the needed credentials. There is a run_query script which sets up and runs couple of typical query using abac_prover_yap. runall, is the top level script that will cleanup and setup the credentials needed in each subdirectories runcheck, is the top level script that initiates the run_query scripts within each subdirectory with ABAC_CN mode (see below); captures the result and compares with the baseline result stored in allout.save. runcheck also makes a complete run_query run without ABAC_CN enabled as a round of regression testing. abac_prover_yap Usage: abac_prover_yap --keystore --role --principal --oset --object loads the keystore and runs the query role <-?- principal the query oset <-?- object --dump extracts all credentials from the prolog db keystore is the location where the prover will search to load credentials. All accessible identity credentials and attribute credentials will be picked up one file at a time. role, oset, principal, and object are specified with principal's SHA1 value extracted from the credentials that are loaded from keystore location using creddy. Example can be found in the run_queryscript. An actual example from balltime_rt2_typed, abac_prover_yap --keystore /home/mei/Deter/abac/examples/balltime_rt2_typed --role [keyid:212146063d65264e8f27c31f0da592e386fc59aa].role:stadium ([string:'access'],[boolean:true],[time:20120228T130000]) --principal [keyid:49bdcd1278fce71d7c5cb3ee9138c22f7379e8e0] One useful environment variable, ABAC_CN, use CN instead of SHA1 value for identifying the principals. This is useful for debugging purpose but will not resolve conflict when CN is not uniquely associated with each principal's SHA1 value. env ABAC_CN=1 runall run