Context Navigation

source: examples/creddy_prover_tests/evaluator_rt1/README @ 2cdbe49

mei_rt2mei_rt2_fix_1

Last change on this file since 2cdbe49 was f824a9e, checked in by Mei <mei@…>, 12 years ago
1) add more doc to python_tests
Property mode set to `100755`
File size: 3.0 KB

Rev	Line
[718ad924]	1	#!/bin/sh
[9502c50]	2	#
[2c01913]	3	# This example demonstrates linking parameterized roles and delegating across
	4	# institutions. There are 4 principals USC, ISI, John, and Maryann. USC and
	5	# ISI are companies, and USC owns ISI. USC sets the policy that the manager of
	6	# a principal (an employee) has the role of evaluating that employee (and no
	7	# others). That policy is expressed in Credential 1. Credential 2 says that
	8	# ISI's assignment of manager roles is accepted by USC. Similarly Credential 4
	9	# says that any ISI employee is a USC employee.
	10	#
	11	# Credential 3 encodes ISI asserting that John is the manager of Maryann and
	12	# credentials 5 and 6 idicate that John and Maryann are ISI employees.
	13	#
[9502c50]	14	# the attached ./run_query script queries that USC grants John the role of evaluator
[2c01913]	15	# of Maryann, that ISI asserts John is Maryann's manager and that John is an
	16	# ISI employee.
	17
[f824a9e]	18	# evaluator_rt1
[9502c50]	19
[718ad924]	20	#[keyid:USC].role:employee <-?- [keyid:John]
	21	#[keyid:USC].role:evaluatorOf([keyid:Maryann])<-?- [keyid:John]
	22
	23	creddy --generate --cn ISI
	24	creddy --generate --cn USC
	25	creddy --generate --cn Maryann
	26	creddy --generate --cn John
	27
	28	isi_keyid=`creddy --keyid --cert ISI_ID.pem`
	29	usc_keyid=`creddy --keyid --cert USC_ID.pem`
	30	maryann_keyid=`creddy --keyid --cert Maryann_ID.pem`
	31	john_keyid=`creddy --keyid --cert John_ID.pem`
	32
	33	managerof_maryann="managerOf([keyid:$maryann_keyid])"
	34
[da5afdf]	35	#[keyid:USC].role:evaluatorOf([principal:?K])<-[keyid:USC].role:managerOf([principal:?K])
[2c01913]	36	# Credential 1
[718ad924]	37	creddy --attribute \
[da5afdf]	38	--issuer USC_ID.pem --key USC_private.pem --role 'evaluatorOf([principal:?K])' \
	39	--subject-cert USC_ID.pem --subject-role 'managerOf([principal:?K])' \
	40	--out USC_evaluatorof_qK__USC_managerof_qK_attr.der
[718ad924]	41
[da5afdf]	42	#[keyid:USC].role:managerOf([principal:?K])<-[keyid:ISI].role:managerOf([principal:?K])
[2c01913]	43	# Credential 2
[718ad924]	44	creddy --attribute \
[da5afdf]	45	--issuer USC_ID.pem --key USC_private.pem --role 'managerOf([principal:?K])' \
	46	--subject-cert ISI_ID.pem --subject-role 'managerOf([principal:?K])' \
	47	--out USC_managerof_qK__USC_employee_attr.der
[718ad924]	48
	49	#[keyid:ISI].role:managerOf([keyid:Maryann]) <- [keyid:John]
[2c01913]	50	# Credential 3
[718ad924]	51	creddy --attribute \
[da5afdf]	52	--issuer ISI_ID.pem --key ISI_private.pem --role "$managerof_maryann" \
[718ad924]	53	--subject-cert John_ID.pem \
[da5afdf]	54	--out ISI_manageof_Maryann__John_attr.der
[718ad924]	55
	56	#[keyid:USC].role:employee <- [keyid:ISI].role:employee
[2c01913]	57	# Credential 4
[718ad924]	58	creddy --attribute \
	59	--issuer USC_ID.pem --key USC_private.pem --role employee \
[da5afdf]	60	--subject-cert ISI_ID.pem --subject-role employee \
[718ad924]	61	--out USC_employee__ISI_employee_attr.der
	62
	63	#[keyid:ISI].role:employee <- [keyid:Maryann]
[2c01913]	64	# Credential 5
[718ad924]	65	creddy --attribute \
	66	--issuer ISI_ID.pem --key ISI_private.pem --role employee \
	67	--subject-cert Maryann_ID.pem \
	68	--out ISI_employee__Maryann_attr.der
	69
	70	#[keyid:ISI].role:employee <- [keyid:John]
[2c01913]	71	# Credential 6
[718ad924]	72	creddy --attribute \
	73	--issuer ISI_ID.pem --key ISI_private.pem --role employee \
	74	--subject-cert John_ID.pem \
	75	--out ISI_employee__John_attr.der
[da5afdf]	76

Note: See TracBrowser for help on using the repository browser.

Download in other formats: