[10e1588] | 1 | #!/bin/sh |
---|
| 2 | |
---|
| 3 | rm -rf *.der *.pem |
---|
| 4 | |
---|
| 5 | # alpha.read(fileA) <-?- Bob |
---|
| 6 | #[keyid:Alpha].role:read([urn:'file://fileA']) <-?- [keyid:Bob] (yes) |
---|
| 7 | #[keyid:Alpha].role:read([urn:'file://fileA']) <-?- [keyid:Maryann] (yes) |
---|
| 8 | |
---|
| 9 | creddy --generate --cn Alpha |
---|
| 10 | creddy --generate --cn Bob |
---|
| 11 | creddy --generate --cn Maryann |
---|
| 12 | creddy --generate --cn Joe |
---|
| 13 | |
---|
| 14 | alpha_keyid=`creddy --keyid --cert Alpha_ID.pem` |
---|
| 15 | bob_keyid=`creddy --keyid --cert Bob_ID.pem` |
---|
| 16 | maryann_keyid=`creddy --keyid --cert Maryann_ID.pem` |
---|
| 17 | joe_keyid=`creddy --keyid --cert Joe_ID.pem` |
---|
| 18 | |
---|
| 19 | read_fileA="read([urn:'file://fileA'])" |
---|
| 20 | managerof_joe="managerOf([keyid:$joe_keyid])" |
---|
| 21 | ownerof_fileA="ownerOf([urn:'file://fileA'])" |
---|
[da5afdf] | 22 | managerof_qE="managerOf([principal:?E[keyid:$alpha_keyid].role:ownerOf([urn:?F])])" |
---|
[10e1588] | 23 | |
---|
| 24 | # alpha.read(?F) <- alpha.managerOf(?E:alpha.ownerOf(?F)) |
---|
| 25 | # [keyid:alpha].role:read([urn:?F])<- |
---|
[da5afdf] | 26 | # [keyid:alpha].role:managerOf([principal:?E[keyid:alpha].role:ownerOf([urn:?F])] |
---|
[10e1588] | 27 | creddy --attribute \ |
---|
| 28 | --issuer Alpha_ID.pem --key Alpha_private.pem --role "read([urn:?F])" \ |
---|
| 29 | --subject-cert Alpha_ID.pem --subject-role "$managerof_qE" \ |
---|
| 30 | --out Alpha_read_qF__alpha_managerof_qE_attr.der |
---|
| 31 | |
---|
| 32 | #[keyid:Alpha].role:managerOf([Keyid:Joe]) <- [keyid:Bob] |
---|
| 33 | creddy --attribute \ |
---|
| 34 | --issuer Alpha_ID.pem --key Alpha_private.pem --role "$managerof_joe" \ |
---|
| 35 | --subject-cert Bob_ID.pem \ |
---|
| 36 | --out Alpha_managerof_Joe__Bob_attr.der |
---|
| 37 | |
---|
| 38 | #[keyid:Alpha].role:ownerOf([urn:'file://fileA']) <- [keyid:Joe] |
---|
| 39 | creddy --attribute \ |
---|
| 40 | --issuer Alpha_ID.pem --key Alpha_private.pem --role "$ownerof_fileA" \ |
---|
| 41 | --subject-cert Joe_ID.pem \ |
---|
| 42 | --out Alpha_ownerof_fileA__Joe_attr.der |
---|
| 43 | |
---|
| 44 | #################################################################################### |
---|
| 45 | # note: |
---|
| 46 | # |
---|
| 47 | # alpha.read(?F) <- alpha.manager(?E:alpha.owner(?F)) |
---|
| 48 | # [keyid:alpha].role:read([urn:?F])<- |
---|
[da5afdf] | 49 | # #[keyid:alpha].role:manager([principal:?E[keyid:alpha].role:owner([urn:?F])]) |
---|
[10e1588] | 50 | # |
---|
| 51 | # alpha.read(?F) <- alpha.manager(?E) |
---|
| 52 | # and alpha.owner(?F) <- ?E |
---|
| 53 | # |
---|
| 54 | # [keyid:alpha].role:read([urn:?F])<-[keyid:?M] |
---|
| 55 | # [keyid:alpha].role:manager([principal:?E])<-[keyid:?M] |
---|
| 56 | # [keyid:alpha].role:owner([urn:?F])<-[keyid:?E] |
---|
| 57 | # |
---|
| 58 | # isMember(M,role(alpha,read,F)) :- |
---|
| 59 | # isMember(M, role(alpha,manager,E)), |
---|
| 60 | # isMember(E, role(alpha,owner,F)) <-- constraining rule |
---|
| 61 | # |
---|
| 62 | # alpha.read(?F) <- alpha.manager(?E) |
---|
| 63 | # alpha.owner(?F) <- ?E |
---|
| 64 | # |
---|
| 65 | # condition like this, |
---|
| 66 | # ?E:A.r needs to be translate into constraining rule, A.r<-?E |
---|
| 67 | # |
---|
| 68 | # query, |
---|
| 69 | # alpha.read(fileA) <-?- Bob |
---|
| 70 | # needs |
---|
| 71 | # alpha.manager(Joe)<-Bob |
---|
| 72 | # alpha.owner(fileA)<-Joe |
---|
| 73 | |
---|