source: examples/creddy_prover_tests/README @ 5f551d3

mei_rt2mei_rt2_fix_1
Last change on this file since 5f551d3 was 5110d42, checked in by Mei <mei@…>, 13 years ago

1) reorganized the test directory to include python tests
2) attribute via api and principal via api from python scripts is

working (although there is a annoying seg fault at the very end
that must be related to something not been dup()ed.. need to wait
for c example to debug it)

3) able to query via api
4) replicated access_rt2 example in python and the query result matches
5) expanded api to make it easier to generate rt2 structure

  • Property mode set to 100644
File size: 2.1 KB
Line 
1
2This directory contains various ABAC scenarios that exercise
3various feature of the current RT2 implmentation using YAP prolog.
4
5The frontend query client is abac_prover_yap.
6
7Each subdirectory has a README script which includes a description
8of the scenario, and creddy calls that generate the needed credentials.
9There is a run_query script which sets up and runs couple of typical
10query using abac_prover_yap.
11
12runall, is the top level script that will cleanup and setup the
13credentials needed in each subdirectories
14
15runcheck, is the top level script that initiates the run_query scripts
16within each subdirectory with ABAC_CN mode (see below); captures the
17result and compares with the baseline result stored in allout.save.
18runcheck also makes a complete run_query run without ABAC_CN enabled as
19a round of regression testing.
20
21abac_prover_yap
22
23Usage: abac_prover_yap
24        --keystore <keystore>
25        --role <keyid.role> --principal <keyid>
26        --oset <keyid.oset> --object <otype>
27    loads the keystore and runs the query role <-?- principal
28                                the query oset <-?- object
29        --dump <file>
30    extracts all credentials from the prolog db
31
32keystore is the location where the prover will search to load credentials.
33All accessible identity credentials and attribute credentials will be
34picked up one file at a time.
35
36role, oset, principal, and object are specified with principal's SHA1
37value extracted from the credentials that are loaded from keystore location
38using creddy. Example can be found in the run_queryscript.
39
40An actual example from balltime_rt2_typed,
41
42abac_prover_yap --keystore /home/mei/Deter/abac/examples/balltime_rt2_typed
43  --role [keyid:212146063d65264e8f27c31f0da592e386fc59aa].role:stadium
44                 ([string:'access'],[boolean:true],[time:20120228T130000])
45  --principal [keyid:49bdcd1278fce71d7c5cb3ee9138c22f7379e8e0]
46
47One useful environment variable,
48
49ABAC_CN, use CN instead of SHA1 value for identifying the principals. This
50is useful for debugging purpose but will not resolve conflict when CN is not
51uniquely associated with each principal's SHA1 value.
52
53env ABAC_CN=1 runall run
54
55
Note: See TracBrowser for help on using the repository browser.