source: examples/creddy_prover_tests/leader_rt1/README @ a0c1772

Last change on this file since a0c1772 was d6ff6f1, checked in by Ted Faber <faber@…>, 12 years ago

Absolute path removed.

  • Property mode set to 100755
File size: 2.4 KB
#!/bin/sh
#
# This example shows a way to allow a user with multiple keyid identities
# to be 'reasoned' as one within a single scope.  There are 4 principals:
# Geni, Bob, Jack, and Joe. Bob and Joe are actually the same person;
# Jack is a different person.
#
# Credential 1 is the policy that says a principal is a group leader
# at Geni if it is equivalent to another principal who is a group
# leader at Geni.
#
# Credential 2 establishes Bob as a group leader at Geni, while
# credentials 3 and 4 are the equivalence rules between Bob and Joe.
#
# The attached ./run_query file asks if Joe is also a group leader, which
# he is because there is an equivalence rule from Bob to him. It also asks
# if Jack is a group leader, which he isn't because there is no equivalence
# rule from Bob to him.

# leader_rt1

# [keyid:geni].role:leader <-?- [keyid:Bob] (yes)
# [keyid:geni].role:leader <-?- [keyid:Jack] (no)
# [keyid:geni].role:leader <-?- [keyid:Joe] (yes)

# Generate an identity certificate and private key for each principal.
creddy --generate --cn Geni
creddy --generate --cn Bob
creddy --generate --cn Jack
creddy --generate --cn Joe

# Extract each principal's keyid from its identity certificate.
geni_keyid=$(creddy --keyid --cert Geni_ID.pem)
bob_keyid=$(creddy --keyid --cert Bob_ID.pem)
jack_keyid=$(creddy --keyid --cert Jack_ID.pem)
joe_keyid=$(creddy --keyid --cert Joe_ID.pem)

# Parameterized role strings used in the credentials below.
leader_qP="equivalent([principal:?P[keyid:$geni_keyid].role:leader])"
equivalent_bob="equivalent([keyid:$bob_keyid])"
equivalent_joe="equivalent([keyid:$joe_keyid])"

# [keyid:geni].role:leader
#         <- [keyid:geni].role:equivalent([principal:?P[keyid:geni].role:leader])
# Credential 1
creddy --attribute \
        --issuer Geni_ID.pem --key Geni_private.pem --role "leader" \
        --subject-cert Geni_ID.pem --subject-role "$leader_qP" \
        --out geni_leader__geni_leader_qP_attr.der

# [keyid:geni].role:leader <- [keyid:bob]
# Credential 2
creddy --attribute \
        --issuer Geni_ID.pem --key Geni_private.pem --role "leader" \
        --subject-cert Bob_ID.pem \
        --out geni_leader__Bob_attr.der

# [keyid:geni].role:equivalent([keyid:bob]) <- [keyid:Joe]
# Credential 3
creddy --attribute \
        --issuer Geni_ID.pem --key Geni_private.pem --role "$equivalent_bob" \
        --subject-cert Joe_ID.pem \
        --out geni_equivalent_Bob__Joe_attr.der

# [keyid:geni].role:equivalent([keyid:Joe]) <- [keyid:Bob]
# Credential 4
creddy --attribute \
        --issuer Geni_ID.pem --key Geni_private.pem --role "$equivalent_joe" \
        --subject-cert Bob_ID.pem \
        --out geni_equivalent_Joe__Bob_attr.der
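The inference the four credentials are meant to produce, as an added Python model that is not part of the original script and is not creddy's or the prover's code. The tuple encoding, the function names and the use of principal names in place of keyids are assumptions made for illustration; the last two checks show why the result depends on credential 2 and on Geni being the issuer of the equivalence roles.

```python
# Added illustration only. Principal names stand in for the keyids.
# A role is (issuer, role_name, parameter); parameter is None when absent.
LEADER = ("Geni", "leader", None)

# Credentials 2-4 from the script: role <- principal
MEMBERSHIP = [
    (LEADER, "Bob"),                          # credential 2
    (("Geni", "equivalent", "Bob"), "Joe"),   # credential 3
    (("Geni", "equivalent", "Joe"), "Bob"),   # credential 4
]
# Credential 1: head <- issuer.name(?P), where ?P must be a member of `constraint`
CONSTRAINED = [(LEADER, ("Geni", "equivalent"), LEADER)]


def derive(membership, constrained):
    """Return {role: set(principals)} as the least fixed point of the rules."""
    roles = {}
    for role, who in membership:
        roles.setdefault(role, set()).add(who)
    changed = True
    while changed:
        changed = False
        for head, (issuer, name), constraint in constrained:
            # Bind ?P to every principal currently satisfying the constraint.
            for p in sorted(roles.get(constraint, set())):
                held = roles.get((issuer, name, p), set())
                new = held - roles.setdefault(head, set())
                if new:
                    roles[head] |= new
                    changed = True
    return roles


def is_leader(who, membership=MEMBERSHIP):
    return who in derive(membership, CONSTRAINED).get(LEADER, set())


if __name__ == "__main__":
    for who in ("Bob", "Jack", "Joe"):
        print(who, "yes" if is_leader(who) else "no")
    # Without credential 2 the Bob/Joe equivalence pair has no leader to anchor to.
    print("Joe without credential 2:", is_leader("Joe", MEMBERSHIP[1:]))
    # An equivalence role issued by Jack himself is not Geni's role.
    forged = MEMBERSHIP + [(("Jack", "equivalent", "Bob"), "Jack")]
    print("Jack with self-issued equivalence:", is_leader("Jack", forged))
```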