source: examples/creddy_prover_tests/payraise_rt1/README @ f89b991

mei_rt2
Last change on this file since f89b991 was 2e9455f, checked in by Mei <mei@…>, 11 years ago

1) added namespace
2) tweak ?This,
3) allowing linking role/oset as constraining conditions
4) adding access_tests regression testing that uses GENI's access policy
5) added couple multi contexts regression tests
6) add compression/uncompression calls to abac_encode_string/abac_decode_string
(libstrongwan only allows 512 char for attribute rule storage)
7) add attribute_now option to creddy that takes a whole char string for attribute
rule

  • Property mode set to 100755
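#!/bin/sh

#####################################################################
# This example demonstrates how to use 'this' as a data term of an RT1
# policy credential, where it is implicitly translated to a variable.
#
# Credential 1 is the policy credential with 2 intersecting rules.
# An employee is up for a pay raise if the evaluator of the employee
# affirms his/her good performance and the manager of the employee
# affirms his/her pleasantness.
#
# Credential 2 is the policy credential that states an evaluator of
# an employee is also the manager of the employee.
#
# Credentials 3, 4 and 5 state Bob is the evaluator of Maryann and she
# is showing good performance and is a nice coworker. Credentials 6 and
# 7 state Bob is also the evaluator of Joe and he is showing good
# performance. But there is no fact that says Joe is a nice coworker.
#
# The attached ./run_query file asks if a given principal is
# entitled to a pay raise. Maryann is but not Joe, because his manager
# did not affirm his pleasantness (but neither did he deny it).
#
# The expected answer for Joe is a denial, which a half-built credential
# set could also produce. Every creddy step is therefore fatal on failure,
# so a broken setup cannot pass for a correct "no".

# payraise_rt1

# [keyid:Alpha].role:payRaise <-?- [keyid:Maryann] (yes)
# [keyid:Alpha].role:payRaise <-?- [keyid:Joe] (no)

# Stop at the first failing command or unset variable.
set -eu

# Print the keyid of the identity certificate $1 on stdout.
# Returns non-zero if creddy fails or prints nothing, so that no
# credential is ever issued for an empty "[keyid:]" term.
keyid_of() {
    kid=$(creddy --keyid --cert "$1") || return 1
    if [ -z "$kid" ]; then
        printf 'setup: no keyid read from %s\n' "$1" >&2
        return 1
    fi
    printf '%s\n' "$kid"
}

# One identity per principal. The commands below read <cn>_ID.pem and
# <cn>_private.pem, so --generate presumably writes both into the current
# directory (confirm against creddy). These are throwaway test keys: keep
# the *_private.pem files out of shared locations and do not reuse them.
creddy --generate --cn Alpha
creddy --generate --cn Bob
creddy --generate --cn Maryann
creddy --generate --cn Joe

# alpha_keyid and bob_keyid are not referenced again in this script;
# resolving them still confirms that all four certificates are readable.
alpha_keyid=$(keyid_of Alpha_ID.pem)

bob_keyid=$(keyid_of Bob_ID.pem)
maryann_keyid=$(keyid_of Maryann_ID.pem)
joe_keyid=$(keyid_of Joe_ID.pem)

# Linking roles parameterised on the implicit variable ?this.
performance_qT="evaluatorOf([?this])"
niceguy_qT="managerOf([?this])"

# Roles parameterised on the explicit principal variable ?Z.
manager_qZ="managerOf([principal:?Z])"
evaluator_qZ="evaluatorOf([principal:?Z])"

# Roles bound to one concrete principal each.
evaluator_m="evaluatorOf([keyid:$maryann_keyid])"
evaluator_j="evaluatorOf([keyid:$joe_keyid])"

# [keyid:alpha].role:payRaise <-
#           [keyid:alpha].role:evaluatorOf([?this]).role:goodPerformance &
#           [keyid:alpha].role:managerOf([?this]).role:niceCoworker
# Credential 1
creddy --attribute \
       --issuer Alpha_ID.pem --key Alpha_private.pem --role payRaise \
       --subject-cert Alpha_ID.pem --subject-link "$performance_qT" \
                                     --subject-role goodPerformance \
       --subject-cert Alpha_ID.pem --subject-link "$niceguy_qT" \
                                     --subject-role niceCoworker \
       --out Alpha_payraise__Alpha_performance_qT_niceguy_qT_attr.der

# [keyid:alpha].role:managerOf([principal:?Z]) <-
#           [keyid:alpha].role:evaluatorOf([principal:?Z])
# Credential 2
creddy --attribute \
       --issuer Alpha_ID.pem --key Alpha_private.pem --role "$manager_qZ" \
       --subject-cert Alpha_ID.pem --subject-role "$evaluator_qZ" \
       --out Alpha_manager_qZ__Alpha_evaluator_qZ_attr.der

# [keyid:alpha].role:evaluatorOf([keyid:Maryann]) <- [keyid:Bob]
# Credential 3
creddy --attribute \
        --issuer Alpha_ID.pem --key Alpha_private.pem --role "$evaluator_m" \
        --subject-cert Bob_ID.pem \
        --out Alpha_evaluator_m__Bob_attr.der

# [keyid:Bob].role:goodPerformance <- [keyid:Maryann]
# Credential 4
creddy --attribute \
        --issuer Bob_ID.pem --key Bob_private.pem --role goodPerformance \
        --subject-cert Maryann_ID.pem \
        --out Bob_goodperformance__Maryann_attr.der

# [keyid:Bob].role:niceCoworker <- [keyid:Maryann]
# Credential 5
creddy --attribute \
        --issuer Bob_ID.pem --key Bob_private.pem --role niceCoworker \
        --subject-cert Maryann_ID.pem \
        --out Bob_niceworker__Maryann_attr.der

# [keyid:alpha].role:evaluatorOf([keyid:Joe]) <- [keyid:Bob]
# Credential 6
creddy --attribute \
        --issuer Alpha_ID.pem --key Alpha_private.pem --role "$evaluator_j" \
        --subject-cert Bob_ID.pem \
        --out Alpha_evaluator_j__Bob_attr.der

# [keyid:Bob].role:goodPerformance <- [keyid:Joe]
# Credential 7
# No niceCoworker credential is issued for Joe; that omission is what
# makes the second query above answer "no".
creddy --attribute \
        --issuer Bob_ID.pem --key Bob_private.pem --role goodPerformance \
        --subject-cert Joe_ID.pem \
        --out Bob_goodperformance__Joe_attr.der


#####################################################################
#
# Summary of the credentials issued above, in RT1 shorthand followed by
# the keyid form.
#
# alpha.payRaise <- alpha.evaluatorOf(this).goodPerformance &
#                   alpha.managerOf(this).niceCoworker
# [keyid:alpha].role:payRaise <-
#           [keyid:alpha].role:evaluatorOf([?this]).role:goodPerformance &
#           [keyid:alpha].role:managerOf([?this]).role:niceCoworker
#
# alpha.managerOf(?Z) <- alpha.evaluatorOf(?Z)
# [keyid:alpha].role:managerOf([principal:?Z]) <-
#           [keyid:alpha].role:evaluatorOf([principal:?Z])
#
# alpha.evaluatorOf(Maryann) <- Bob
# [keyid:alpha].role:evaluatorOf([keyid:Maryann]) <- [keyid:Bob]
# Bob.goodPerformance <- Maryann
# [keyid:Bob].role:goodPerformance <- [keyid:Maryann]
# Bob.niceCoworker <- Maryann
# [keyid:Bob].role:niceCoworker <- [keyid:Maryann]
#
# alpha.evaluatorOf(Joe) <- Bob
# [keyid:alpha].role:evaluatorOf([keyid:Joe]) <- [keyid:Bob]
# Bob.goodPerformance <- Joe
# [keyid:Bob].role:goodPerformance <- [keyid:Joe]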