| 1 | #!/bin/sh |
|---|
| 2 | |
|---|
| 3 | rm -rf *.der *.pem |
|---|
| 4 | |
|---|
| 5 | # |
|---|
| 6 | #Acme runs a testbed. They've delegated the authority to create |
|---|
| 7 | #experiments to all their partners. The Globotron company is one such |
|---|
| 8 | #partner. |
|---|
| 9 | # |
|---|
| 10 | # Acme.experiment_create <- Acme.partner.experiment_create |
|---|
| 11 | # Acme.partner <- Globotron |
|---|
| 12 | # |
|---|
| 13 | #Globotron has delegated the authority to anyone an admin thinks is a |
|---|
| 14 | #'power user'. |
|---|
| 15 | # |
|---|
| 16 | # Globotron.experiment_create <- Globotron.admin.power_user |
|---|
| 17 | # |
|---|
| 18 | #Alice is an admin, and her friend Bob is a power user: |
|---|
| 19 | # |
|---|
| 20 | # Globotron.admin <- Alice |
|---|
| 21 | # Alice.power_user <- Bob |
|---|
| 22 | # |
|---|
| 23 | #From these credentials, it is possible to construct a proof graph |
|---|
| 24 | #showing that Acme.experiment_create <- Bob. |
|---|
| 25 | # |
|---|
| 26 | #Note that there is a one-to-one correspondence with each credential |
|---|
| 27 | #above and the attribute certificates below. |
|---|
| 28 | # |
|---|
| 29 | |
|---|
| 30 | creddy --generate --cn Acme |
|---|
| 31 | creddy --generate --cn Globotron |
|---|
| 32 | creddy --generate --cn Alice |
|---|
| 33 | creddy --generate --cn Bob |
|---|
| 34 | |
|---|
| 35 | #[keyid:Acme].role:experiment_create <- [keyid:Acme].role:partner.role:experiment_create |
|---|
| 36 | creddy --attribute \ |
|---|
| 37 | --issuer Acme_ID.pem --key Acme_private.pem --role experiment_create \ |
|---|
| 38 | --subject-cert Acme_ID.pem --subject-role partner.experiment_create \ |
|---|
| 39 | --out Acme_experiment_create__Acme_partner_experiment_create_attr.der |
|---|
| 40 | |
|---|
| 41 | #[keyid:Acme].role:partner <- [keyid:Globotron] |
|---|
| 42 | creddy --attribute \ |
|---|
| 43 | --issuer Acme_ID.pem --key Acme_private.pem --role partner \ |
|---|
| 44 | --subject-cert Globotron_ID.pem \ |
|---|
| 45 | --out Acme_partner__Globotron_attr.der |
|---|
| 46 | |
|---|
| 47 | #[keyid:Globotron].role:expriment_create <- [keyid:Globotron].role:admin.role:power_user |
|---|
| 48 | creddy --attribute \ |
|---|
| 49 | --issuer Globotron_ID.pem --key Globotron_private.pem --role experiment_create \ |
|---|
| 50 | --subject-cert Globotron_ID.pem --subject-role admin.power_user \ |
|---|
| 51 | --out Globotron_experiment_create__Globotron_admin_power_user_attr.der |
|---|
| 52 | |
|---|
| 53 | #[keyid:Globotron].role:admin <- [keyid:Alice] |
|---|
| 54 | creddy --attribute \ |
|---|
| 55 | --issuer Globotron_ID.pem --key Globotron_private.pem --role admin \ |
|---|
| 56 | --subject-cert Alice_ID.pem \ |
|---|
| 57 | --out Globotron_admin__Alice_attr.der |
|---|
| 58 | |
|---|
| 59 | #[keyid:Alice].role:power_user <- [keyid:Bob] |
|---|
| 60 | creddy --attribute \ |
|---|
| 61 | --issuer Alice_ID.pem --key Alice_private.pem --role power_user \ |
|---|
| 62 | --subject-cert Bob_ID.pem \ |
|---|
| 63 | --out Alice_power_user__Bob_attr.der |
|---|
| 64 | |
|---|
| 65 | |
|---|
