source: examples/evaluator_rt1_typed/README @ 7b548fa

Last change on this file since 7b548fa was 2c01913, checked in by Ted Faber <faber@…>, 12 years ago

Added docs

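#!/bin/sh
#
# This example demonstrates linking parameterized roles and delegating across
# institutions.  There are 4 principals USC, ISI, John, and Maryann.  USC and
# ISI are companies, and USC owns ISI.  USC sets the policy that the manager of
# a principal (an employee) has the role of evaluating that employee (and no
# others).  That policy is expressed in Credential 1.  Credential 2 says that
# ISI's assignment of manager roles is accepted by USC.  Similarly Credential 4
# says that any ISI employee is a USC employee.
#
# Credential 3 encodes ISI asserting that John is the manager of Maryann and
# credentials 5 and 6 indicate that John and Maryann are ISI employees.
#
# The attached ./rr script queries that USC grants John the role of evaluator
# of Maryann, that ISI asserts John is Maryann's manager and that John is an
# ISI employee.
#
# Queries of interest:
#[keyid:USC].role:employee <-?- [keyid:John]
#[keyid:USC].role:evaluatorOf([keyid:Maryann])<-?- [keyid:John]

# Stop at the first failing command or unset variable.  Without this, a failed
# key generation or keyid lookup would still let the later commands run and
# issue credentials that name an empty or stale key id.
set -eu

# The *_private.pem files used as --key below are signing keys.  The modes
# creddy gives its output files are not visible from this script, so restrict
# everything created here to the owner.
umask 077

# Start from a clean slate.  This deletes EVERY .pem and .der entry in the
# current directory, not only files from a previous run, so run the script
# from the example directory only.  The ./ prefix and -- keep a file name
# that begins with '-' from being read as an option to rm.
rm -rf -- ./*.pem ./*.der

# One identity per principal.  The commands below read <cn>_ID.pem and
# <cn>_private.pem for each of them.
creddy --generate --cn ISI
creddy --generate --cn USC
creddy --generate --cn Maryann
creddy --generate --cn John

# Key ids of the generated identities.  Only maryann_keyid is used further
# down; the other lookups are kept from the original and double as a check
# that each identity certificate was written and can be read back.
isi_keyid=$(creddy --keyid --cert ISI_ID.pem)
usc_keyid=$(creddy --keyid --cert USC_ID.pem)
maryann_keyid=$(creddy --keyid --cert Maryann_ID.pem)
john_keyid=$(creddy --keyid --cert John_ID.pem)

# A lookup that exits 0 but prints nothing would otherwise produce the role
# "managerOf([keyid:])" in Credential 3.
: "${isi_keyid:?creddy --keyid printed nothing for ISI_ID.pem}"
: "${usc_keyid:?creddy --keyid printed nothing for USC_ID.pem}"
: "${maryann_keyid:?creddy --keyid printed nothing for Maryann_ID.pem}"
: "${john_keyid:?creddy --keyid printed nothing for John_ID.pem}"

# Concrete (non-parameterized) role naming Maryann's key, used in Credential 3.
managerof_maryann="managerOf([keyid:$maryann_keyid])"

#[keyid:USC].role:evaluatorOf([principal:?K])<-[keyid:USC].role:managerOf([principal:?K])
# Credential 1
# The role strings are single-quoted so the shell passes ?K, [ ] and ( )
# through to creddy unchanged.
creddy --attribute \
       --issuer USC_ID.pem --key USC_private.pem --role 'evaluatorOf([principal:?K])' \
       --subject-cert USC_ID.pem --subject-role 'managerOf([principal:?K])' \
       --out USC_evaluatorof_qK__USC_managerof_qK_attr.der

#[keyid:USC].role:managerOf([principal:?K])<-[keyid:ISI].role:managerOf([principal:?K])
# Credential 2
# NOTE(review): the output name says "USC_employee" although the subject is
# ISI's managerOf role.  The name is kept as-is in case other scripts refer
# to it.
creddy --attribute \
       --issuer USC_ID.pem --key USC_private.pem --role 'managerOf([principal:?K])' \
       --subject-cert ISI_ID.pem --subject-role 'managerOf([principal:?K])' \
       --out USC_managerof_qK__USC_employee_attr.der

#[keyid:ISI].role:managerOf([keyid:Maryann]) <- [keyid:John]
# Credential 3
# NOTE(review): "manageof" in the output name looks like a typo for
# "managerof"; kept as-is for the same reason.
creddy --attribute \
       --issuer ISI_ID.pem --key ISI_private.pem --role "$managerof_maryann" \
       --subject-cert John_ID.pem \
       --out ISI_manageof_Maryann__John_attr.der

#[keyid:USC].role:employee <- [keyid:ISI].role:employee
# Credential 4
creddy --attribute \
       --issuer USC_ID.pem --key USC_private.pem --role employee \
       --subject-cert ISI_ID.pem --subject-role employee \
       --out USC_employee__ISI_employee_attr.der

#[keyid:ISI].role:employee  <- [keyid:Maryann]
# Credential 5
creddy --attribute \
       --issuer ISI_ID.pem --key ISI_private.pem --role employee \
       --subject-cert Maryann_ID.pem \
       --out ISI_employee__Maryann_attr.der

#[keyid:ISI].role:employee <- [keyid:John]
# Credential 6
creddy --attribute \
       --issuer ISI_ID.pem --key ISI_private.pem --role employee \
       --subject-cert John_ID.pem \
       --out ISI_employee__John_attr.der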