source: examples/creddy_prover_tests/evaluator_rt1/README @ 0b3ac65

Last change on this file since 0b3ac65 was 5110d42, checked in by Mei <mei@…>, 13 years ago

1) reorganized the test directory to include python tests
2) attribute via api and principal via api from python scripts is
working (although there is an annoying seg fault at the very end
that must be related to something not being dup()ed.. need to wait
for c example to debug it)
3) able to query via api
4) replicated access_rt2 example in python and the query result matches
5) expanded api to make it easier to generate rt2 structure

  • Property mode set to 100755
File size: 3.0 KB
#!/bin/sh
#
# This example demonstrates linking parameterized roles and delegating across
# institutions.  There are 4 principals: USC, ISI, John, and Maryann.  USC and
# ISI are companies, and USC owns ISI.  USC sets the policy that the manager of
# a principal (an employee) has the role of evaluating that employee (and no
# others).  That policy is expressed in Credential 1.  Credential 2 says that
# ISI's assignment of manager roles is accepted by USC.  Similarly Credential 4
# says that any ISI employee is a USC employee.
#
# Credential 3 encodes ISI asserting that John is the manager of Maryann and
# credentials 5 and 6 indicate that John and Maryann are ISI employees.
#
# The attached ./run_query script queries that USC grants John the role of evaluator
# of Maryann, that ISI asserts John is Maryann's manager and that John is an
# ISI employee.

# evaluator_rt1_typed

#[keyid:USC].role:employee <-?- [keyid:John]
#[keyid:USC].role:evaluatorOf([keyid:Maryann])<-?- [keyid:John]

creddy --generate --cn ISI
creddy --generate --cn USC
creddy --generate --cn Maryann
creddy --generate --cn John

isi_keyid=`creddy --keyid --cert ISI_ID.pem`
usc_keyid=`creddy --keyid --cert USC_ID.pem`
maryann_keyid=`creddy --keyid --cert Maryann_ID.pem`
john_keyid=`creddy --keyid --cert John_ID.pem`

managerof_maryann="managerOf([keyid:$maryann_keyid])"

#[keyid:USC].role:evaluatorOf([principal:?K])<-[keyid:USC].role:managerOf([principal:?K])
# Credential 1
creddy --attribute \
       --issuer USC_ID.pem --key USC_private.pem --role 'evaluatorOf([principal:?K])' \
       --subject-cert USC_ID.pem --subject-role 'managerOf([principal:?K])' \
       --out USC_evaluatorof_qK__USC_managerof_qK_attr.der

#[keyid:USC].role:managerOf([principal:?K])<-[keyid:ISI].role:managerOf([principal:?K])
# Credential 2
creddy --attribute \
       --issuer USC_ID.pem --key USC_private.pem --role 'managerOf([principal:?K])' \
       --subject-cert ISI_ID.pem --subject-role 'managerOf([principal:?K])' \
       --out USC_managerof_qK__USC_employee_attr.der

#[keyid:ISI].role:managerOf([keyid:Maryann]) <- [keyid:John]
# Credential 3
creddy --attribute \
       --issuer ISI_ID.pem --key ISI_private.pem --role "$managerof_maryann" \
       --subject-cert John_ID.pem \
       --out ISI_manageof_Maryann__John_attr.der

#[keyid:USC].role:employee <- [keyid:ISI].role:employee
# Credential 4
creddy --attribute \
       --issuer USC_ID.pem --key USC_private.pem --role employee \
       --subject-cert ISI_ID.pem --subject-role employee \
       --out USC_employee__ISI_employee_attr.der

#[keyid:ISI].role:employee  <- [keyid:Maryann]
# Credential 5
creddy --attribute \
       --issuer ISI_ID.pem --key ISI_private.pem --role employee \
       --subject-cert Maryann_ID.pem \
       --out ISI_employee__Maryann_attr.der

#[keyid:ISI].role:employee <- [keyid:John]
# Credential 6
creddy --attribute \
       --issuer ISI_ID.pem --key ISI_private.pem --role employee \
       --subject-cert John_ID.pem \
       --out ISI_employee__John_attr.der
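
Added example, not part of the original script or of the project's code: a toy Python backward-chaining check that resolves the two commented queries over Credentials 1 to 6 and shows how ?K is bound along the delegation chain. Principal names stand in for the generated key ids, and Role, CREDENTIALS, bind and is_member are hypothetical names chosen for this illustration.

```python
from typing import NamedTuple, Optional

VAR = "?K"  # the single role parameter variable used by the script

class Role(NamedTuple):
    issuer: str
    name: str
    param: Optional[str] = None   # a principal name, VAR, or None

# (head role, subject); the subject is a principal (str) or a linked Role.
CREDENTIALS = [
    (Role("USC", "evaluatorOf", VAR), Role("USC", "managerOf", VAR)),  # Credential 1
    (Role("USC", "managerOf", VAR), Role("ISI", "managerOf", VAR)),    # Credential 2
    (Role("ISI", "managerOf", "Maryann"), "John"),                     # Credential 3
    (Role("USC", "employee"), Role("ISI", "employee")),                # Credential 4
    (Role("ISI", "employee"), "Maryann"),                              # Credential 5
    (Role("ISI", "employee"), "John"),                                 # Credential 6
]

def bind(head, goal):
    """Match a credential head against a ground goal role.
    Returns (matched, value bound to ?K or None)."""
    if (head.issuer, head.name) != (goal.issuer, goal.name):
        return False, None
    if head.param == VAR:
        return goal.param is not None, goal.param
    return head.param == goal.param, None

def is_member(principal, goal, creds=CREDENTIALS, seen=frozenset()):
    """True if the credentials place `principal` in the ground role `goal`."""
    if goal in seen:              # already being proved: cut delegation cycles
        return False
    seen = seen | {goal}
    for head, subject in creds:
        matched, k = bind(head, goal)
        if not matched:
            continue
        if isinstance(subject, Role):
            # Carry the bound ?K into the subject role, then prove that role.
            sub = subject._replace(param=k) if subject.param == VAR else subject
            if is_member(principal, sub, creds, seen):
                return True
        elif subject == principal:
            return True
    return False

if __name__ == "__main__":
    print(is_member("John", Role("USC", "employee")))                # first query
    print(is_member("John", Role("USC", "evaluatorOf", "Maryann")))  # second query
```

Removing Credential 2 from the list makes the second query fail, since USC then has no statement accepting ISI's manager assignments.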