source: examples/creddy_prover_tests/acme_rockets_intersection_rt0/README @ 163aadf

abac0-leakabac0-meimei-idmei-rt0-nmei_rt0tvf-new-xml
Last change on this file since 163aadf was 92661b4, checked in by Mei <mei@…>, 8 years ago

1) add some doc
2) fix the version in abac_xml

  • Property mode set to 100755
File size: 2.2 KB
RevLine 
[461541a]1#!/bin/sh
[92661b4]2#
3# This example demonstrates intersections.  An intersection is a logical and of
4# roles or osets.  An intersection succeeds if the principal is in the
5# intersection of the sets defined by the roles.
6#
7# The policy set by Acme is that a character must both a preferred customer and
8# a WarnerBrothers character to buy rockets.  Each of those attributes is
9# specified by a role.
10#
11# This example defines 4 principals, Acme, WarnerBrothers, Coyote and Batman.
12# Credential 1 defines the policy requiring both roles to get the buy_rockets
13# role.  Credential 2 gives the Coyote a preferred_customer role.  Credential 3
14# gives Batman the preferred_customer role and Credential 4 recognizes the
15# Coyote as a Warner Brothers character.
[461541a]16#
17#In order to buy rockets from Acme, you must be BOTH a preferred customer
18#AND a WarnerBros character. In this example, the following query will be
19#successful:
20#
21#    Acme.buy_rockets <-?- Coyote
22#
23#The following query will fail (because Batman does not have the
24#attribute WarnerBros.character):
25#
26#    Acme.buy_rockets <-?- Batman
27#
28#Acme.buy_rockets <- Acme.preferred_customer & WarnerBros.character
29#Acme.preferred_customer <- Coyote
30#Acme.preferred_customer <- Batman
31#WarnerBros.character <- Coyote
32#
33
34rm -rf *.xml *.pem
[6180394]35
36creddy --generate --cn Acme
37
38creddy --generate --cn WarnerBros
39
40creddy --generate --cn Coyote
41
42creddy --generate --cn Batman
43
44creddy --attribute \
45       --issuer Acme_ID.pem --key Acme_private.pem --role buy_rockets \
46       --subject-cert Acme_ID.pem --subject-role preferred_customer \
47       --subject-cert WarnerBros_ID.pem --subject-role character \
[461541a]48       --out Acme_buy_rockets__Acme_preferred_customer_and_WarnerBros_character_attr.xml
[6180394]49
50creddy --attribute \
51       --issuer Acme_ID.pem --key Acme_private.pem --role preferred_customer \
52       --subject-cert Coyote_ID.pem \
[461541a]53       --out Acme_preferred_customer__Coyote_attr.xml
[6180394]54
55creddy --attribute \
56       --issuer Acme_ID.pem --key Acme_private.pem --role preferred_customer \
57       --subject-cert Batman_ID.pem \
[461541a]58       --out Acme_preferred_customer__Batman_attr.xml
[6180394]59
60creddy --attribute \
61       --issuer WarnerBros_ID.pem --key WarnerBros_private.pem --role character \
62       --subject-cert Coyote_ID.pem \
[461541a]63       --out WarnerBros_character__Coyote_attr.xml
64
Note: See TracBrowser for help on using the repository browser.