1 | #!/bin/sh |
---|
2 | |
---|
3 | #Acme runs a testbed. They've delegated the authority to create |
---|
4 | #!/bin/sh |
---|
5 | # |
---|
6 | #experiments to all their partners. The Globotron company is one such |
---|
7 | #!/bin/sh |
---|
8 | # |
---|
9 | #partner. |
---|
10 | # |
---|
11 | # Acme.experiment_create <- Acme.partner.experiment_create |
---|
12 | # Acme.partner <- Globotron |
---|
13 | # |
---|
14 | #Globotron has delegated the authority to anyone an admin thinks is a |
---|
15 | #'power user'. |
---|
16 | # |
---|
17 | # Globotron.experiment_create <- Globotron.admin.power_user |
---|
18 | # |
---|
19 | #Alice is an admin, and her friend Bob is a power user: |
---|
20 | # |
---|
21 | # Globotron.admin <- Alice |
---|
22 | # Alice.power_user <- Bob |
---|
23 | # |
---|
24 | #From these credentials, it is possible to construct a proof graph |
---|
25 | #showing that Acme.experiment_create <- Bob. |
---|
26 | # |
---|
27 | #Note that there is a one-to-one correspondence with each credential |
---|
28 | #above and the attribute certificates below. |
---|
29 | # |
---|
30 | |
---|
31 | rm -rf *.pem *.xml |
---|
32 | |
---|
33 | creddy --generate --cn Acme |
---|
34 | |
---|
35 | creddy --generate --cn Globotron |
---|
36 | |
---|
37 | creddy --generate --cn Alice |
---|
38 | |
---|
39 | creddy --generate --cn Bob |
---|
40 | |
---|
41 | creddy --attribute \ |
---|
42 | --issuer Acme_ID.pem --key Acme_private.pem --role experiment_create \ |
---|
43 | --subject-cert Acme_ID.pem --subject-role partner.experiment_create \ |
---|
44 | --out Acme_experiment_create__Acme_partner_experiment_create_attr.xml |
---|
45 | |
---|
46 | creddy --attribute \ |
---|
47 | --issuer Acme_ID.pem --key Acme_private.pem --role partner \ |
---|
48 | --subject-cert Globotron_ID.pem \ |
---|
49 | --out Acme_partner__Globotron_attr.xml |
---|
50 | |
---|
51 | creddy --attribute \ |
---|
52 | --issuer Globotron_ID.pem --key Globotron_private.pem --role experiment_create \ |
---|
53 | --subject-cert Globotron_ID.pem --subject-role admin.power_user \ |
---|
54 | --out Globotron_experiment_create__Globotron_admin_power_user_attr.xml |
---|
55 | |
---|
56 | creddy --attribute \ |
---|
57 | --issuer Globotron_ID.pem --key Globotron_private.pem --role admin \ |
---|
58 | --subject-cert Alice_ID.pem \ |
---|
59 | --out Globotron_admin__Alice_attr.xml |
---|
60 | |
---|
61 | creddy --attribute \ |
---|
62 | --issuer Alice_ID.pem --key Alice_private.pem --role power_user \ |
---|
63 | --subject-cert Bob_ID.pem \ |
---|
64 | --out Alice_admin__Bob_attr.xml |
---|
65 | |
---|
66 | |
---|