source: examples/creddy_prover_tests/acme_rockets_intersection_rt0/README @ 4b46680

mei_rt2mei_rt2_fix_1
Last change on this file since 4b46680 was f824a9e, checked in by Mei <mei@…>, 12 years ago

1) add more doc to python_tests

  • Property mode set to 100755
File size: 2.7 KB
RevLine 
[718ad924]1#!/bin/sh
2#
[2c01913]3# This example demonstrates intersections.  An intersection is a logical and of
4# roles or osets.  An intersection succeeds if the principal is in the
5# intersection of the sets defined by the roles.
6#
7# The policy set by Acme is that a character must both a preferred customer and
8# a WarnerBrothers character to buy rockets.  Each of those attributes is
9# specified by a role.
10#
11# This example defines 4 principals, Acme, WarnerBrothers, Coyote and Batman.
12# Credential 1 defines the policy requiring both roles to get the buy_rockets
13# role.  Credential 2 gives the Coyote a preferred_customer role.  Credential 3
14# gives Batman the preferred_customer role and Credential 4 recognizes the
15# Coyote as a Warner Brothers character.
[718ad924]16#
17#In order to buy rockets from Acme, you must be BOTH a preferred customer
18#AND a WarnerBros character. In this example, the following query will be
19#successful:
20#
21#    Acme.buy_rockets <-?- Coyote
22#
23#The following query will fail (because Batman does not have the
24#attribute WarnerBros.character):
25#
26#    Acme.buy_rockets <-?- Batman
[2c01913]27#
[9502c50]28# The attached ./run_query file carries out these queries.  As well as 2 queries for
[2c01913]29# non-existant certificates (which fail).
[718ad924]30#
31#Acme.buy_rockets <- Acme.preferred_customer & WarnerBros.character
32#Acme.preferred_customer <- Coyote
33#Acme.preferred_customer <- Batman
34#WarnerBros.character <- Coyote
35#
[6180394]36
[f824a9e]37# acme_rockets_intersection_rt0
[9502c50]38
[6180394]39creddy --generate --cn Acme
40creddy --generate --cn WarnerBros
41creddy --generate --cn Coyote
42creddy --generate --cn Batman
43
[718ad924]44#[keyid:Acme].role:buy_rockets <- [keyid:Acme].role:preferred_customer & [keyid:WarnerBros].role:charater
[2c01913]45# Credential 1
[6180394]46creddy --attribute \
47       --issuer Acme_ID.pem --key Acme_private.pem --role buy_rockets \
48       --subject-cert Acme_ID.pem --subject-role preferred_customer \
49       --subject-cert WarnerBros_ID.pem --subject-role character \
50       --out Acme_buy_rockets__Acme_preferred_customer_and_WarnerBros_character_attr.der
51
[718ad924]52#[keyid:Acme].role:preferred_customer <- [keyid:Coyote]
[2c01913]53# Credential 2
[6180394]54creddy --attribute \
55       --issuer Acme_ID.pem --key Acme_private.pem --role preferred_customer \
56       --subject-cert Coyote_ID.pem \
57       --out Acme_preferred_customer__Coyote_attr.der
58
[718ad924]59#[keyid:Acme].role:preferred_customer <- [keyid:Batman]
[2c01913]60# Credential 3
[6180394]61creddy --attribute \
62       --issuer Acme_ID.pem --key Acme_private.pem --role preferred_customer \
63       --subject-cert Batman_ID.pem \
64       --out Acme_preferred_customer__Batman_attr.der
65
[718ad924]66#[keyid:WarnerBros].role:character <- [keyid:Coyote]
[2c01913]67# Credential 4
[6180394]68creddy --attribute \
69       --issuer WarnerBros_ID.pem --key WarnerBros_private.pem --role character \
70       --subject-cert Coyote_ID.pem \
71       --out WarnerBros_character__Coyote_attr.der
Note: See TracBrowser for help on using the repository browser.