source: examples/creddy_prover_tests/evaluator_rt1/README @ 2cdbe49

mei_rt2mei_rt2_fix_1
Last change on this file since 2cdbe49 was f824a9e, checked in by Mei <mei@…>, 12 years ago

1) add more doc to python_tests
  • Property mode set to 100755
File size: 3.0 KB
Line 
1#!/bin/sh
2#
3# This example demonstrates linking parameterized roles and delegating across
4# institutions.  There are 4 principals USC, ISI, John, and Maryann.  USC and
5# ISI are companies, and USC owns ISI.  USC sets the policy that the manager of
6# a principal (an employee) has the role of evaluating that employee (and no
7# others).  That policy is expressed in Credential 1.  Credential 2 says that
8# ISI's assignment of manager roles is accepted by USC.  Similarly Credential 4
9# says that any ISI employee is a USC employee.
10#
11# Credential 3 encodes ISI asserting that John is the manager of Maryann and
12# credentials 5 and 6 idicate that John and Maryann are ISI employees.
13#
14# the attached ./run_query script queries that USC grants John the role of evaluator
15# of Maryann, that ISI asserts John is Maryann's manager and that John is an
16# ISI employee.
17
18# evaluator_rt1
19
20#[keyid:USC].role:employee <-?- [keyid:John]
21#[keyid:USC].role:evaluatorOf([keyid:Maryann])<-?- [keyid:John]
22
23creddy --generate --cn ISI
24creddy --generate --cn USC
25creddy --generate --cn Maryann
26creddy --generate --cn John
27
28isi_keyid=`creddy --keyid --cert ISI_ID.pem`
29usc_keyid=`creddy --keyid --cert USC_ID.pem`
30maryann_keyid=`creddy --keyid --cert Maryann_ID.pem`
31john_keyid=`creddy --keyid --cert John_ID.pem`
32
33managerof_maryann="managerOf([keyid:$maryann_keyid])"
34
35#[keyid:USC].role:evaluatorOf([principal:?K])<-[keyid:USC].role:managerOf([principal:?K])
36# Credential 1
37creddy --attribute \
38       --issuer USC_ID.pem --key USC_private.pem --role 'evaluatorOf([principal:?K])' \
39       --subject-cert USC_ID.pem --subject-role 'managerOf([principal:?K])' \
40       --out USC_evaluatorof_qK__USC_managerof_qK_attr.der
41
42#[keyid:USC].role:managerOf([principal:?K])<-[keyid:ISI].role:managerOf([principal:?K])
43# Credential 2
44creddy --attribute \
45       --issuer USC_ID.pem --key USC_private.pem --role 'managerOf([principal:?K])' \
46       --subject-cert ISI_ID.pem --subject-role 'managerOf([principal:?K])' \
47       --out USC_managerof_qK__USC_employee_attr.der
48
49#[keyid:ISI].role:managerOf([keyid:Maryann]) <- [keyid:John]
50# Credential 3
51creddy --attribute \
52       --issuer ISI_ID.pem --key ISI_private.pem --role "$managerof_maryann" \
53       --subject-cert John_ID.pem \
54       --out ISI_manageof_Maryann__John_attr.der
55
56#[keyid:USC].role:employee <- [keyid:ISI].role:employee
57# Credential 4
58creddy --attribute \
59       --issuer USC_ID.pem --key USC_private.pem --role employee \
60       --subject-cert ISI_ID.pem --subject-role employee \
61       --out USC_employee__ISI_employee_attr.der
62
63#[keyid:ISI].role:employee  <- [keyid:Maryann]
64# Credential 5
65creddy --attribute \
66       --issuer ISI_ID.pem --key ISI_private.pem --role employee \
67       --subject-cert Maryann_ID.pem \
68       --out ISI_employee__Maryann_attr.der
69
70#[keyid:ISI].role:employee <- [keyid:John]
71# Credential 6
72creddy --attribute \
73       --issuer ISI_ID.pem --key ISI_private.pem --role employee \
74       --subject-cert John_ID.pem \
75       --out ISI_employee__John_attr.der
76
Note: See TracBrowser for help on using the repository browser.