Context Navigation

source: examples/payraise_rt1_typed/README @ 8bd77b5

mei_rt2mei_rt2_fix_1

Last change on this file since 8bd77b5 was 9335cfa, checked in by Mei <mei@…>, 13 years ago
1) add handling of 'this' data term for the principal type 2) add payraise_rt1_typed example 3) expand more test cases for python/swig/libabac
Property mode set to `100755`
File size: 4.8 KB

Line
1	#!/bin/sh
2
3	#####################################################################
4	# This example demostrates how to use 'this' as a data term of a RT1
5	# policy credential where it is implicitly translated to a variable.
6	#
7	# Credential 1 is the policy credential with 2 intersecting rules.
8	# A employee is up for a pay raise if the evaluator of the employee
9	# affirms his/her good performance and the manager of the employee
10	# affirms his/her pleasantness.
11	#
12	# Credential 2 is the policy credential that states an evaluator of
13	# an employee is also the manager of the employee.
14	#
15	# Credential 3, 4 and 5 state Bob is the evaluator of Maryann and she
16	# is showing good performance and is a nice coworker. Credential 6 and
17	# 7 state Bob is also the evaluator of Joe and he is showing good
18	# performance. But, there is no fact that says Joe is a nice coworker.
19	#
20	# The attached ./run_query file asks if a given principal is
21	# entitled to a pay raise. Maryann is but not Joe, because his manager
22	# did not affirm his pleasantness(but neither did he deny it)
23
24	rm -rf der pem
25
26	# [keyid:Alpha].role:payRaise <-?- [keyid:Maryann] (yes)
27	# [keyid:Alpha].role:payRaise <-?- [keyid:Joe] (no)
28
29	creddy --generate --cn Alpha
30	creddy --generate --cn Bob
31	creddy --generate --cn Maryann
32	creddy --generate --cn Joe
33
34	alpha_keyid=`creddy --keyid --cert Alpha_ID.pem`
35
36	bob_keyid=`creddy --keyid --cert Bob_ID.pem`
37	maryann_keyid=`creddy --keyid --cert Maryann_ID.pem`
38	joe_keyid=`creddy --keyid --cert Joe_ID.pem`
39
40	performance_qT="evaluatorOf([principal:?this]).goodPerformance"
41	niceguy_qT="managerOf([principal:?this]).niceCoworker"
42
43	manager_qZ="managerOf([principal:?Z])"
44	evaluator_qZ="evaluatorOf([principal:?Z])"
45
46	evaluator_m="evaluatorOf([keyid:$maryann_keyid])"
47	evaluator_j="evaluatorOf([keyid:$joe_keyid])"
48
49	# [keyid:alpha].role:payRaise <-
50	# [keyid:alpha].role:evaluatorOf([principal:?this]).role:goodPerformance &
51	# [keyid:alpha].role:managerOf([principal:?this]).role:niceCoworker
52	# Credential 1
53	creddy --attribute \
54	--issuer Alpha_ID.pem --key Alpha_private.pem --role payRaise \
55	--subject-cert Alpha_ID.pem --subject-role "$performance_qT" \
56	--subject-cert Alpha_ID.pem --subject-role "$niceguy_qT" \
57	--out Alpha_payraise__Alpha_performance_qT_niceguy_qT_attr.der
58
59	# [keyid:alpha].role:managerOf([principal:?Z])<-
60	# [keyid:alpha].role:evaluatorOf([principal:?Z])
61	# Credential 2
62	creddy --attribute \
63	--issuer Alpha_ID.pem --key Alpha_private.pem --role "$manager_qZ" \
64	--subject-cert Alpha_ID.pem --subject-role "$evaluator_qZ" \
65	--out Alpha_manager_qZ__Alpha_evaluator_qZ_attr.der
66
67	# [keyid:alpha].role:evaluatorOf([keyid:Maryann]) <-[keyid:Bob]
68	# Credential 3
69	creddy --attribute \
70	--issuer Alpha_ID.pem --key Alpha_private.pem --role "$evaluator_m" \
71	--subject-cert Bob_ID.pem \
72	--out Alpha_evaluator_m__Bob_attr.der
73
74	# [keyid:Bob].role:goodPerformance <- [keyid:Maryann])
75	# Credential 4
76	creddy --attribute \
77	--issuer Bob_ID.pem --key Bob_private.pem --role goodPerformance \
78	--subject-cert Maryann_ID.pem \
79	--out Bob_goodperformance__Maryann_attr.der
80
81	# [keyid:Bob].role:niceCoworker <- [keyid:Maryann])
82	# Credential 5
83	creddy --attribute \
84	--issuer Bob_ID.pem --key Bob_private.pem --role niceCoworker \
85	--subject-cert Maryann_ID.pem \
86	--out Bob_niceworker__Maryann_attr.der
87
88	# [keyid:alpha].role:evaluatorOf([keyid:Joe]) <-[keyid:Bob]
89	# Credential 6
90	creddy --attribute \
91	--issuer Alpha_ID.pem --key Alpha_private.pem --role "$evaluator_j" \
92	--subject-cert Bob_ID.pem \
93	--out Alpha_evaluator_j__Bob_attr.der
94
95	# [keyid:Bob].role:goodPerformance <- [keyid:Joe])
96	# Credential 7
97	creddy --attribute \
98	--issuer Bob_ID.pem --key Bob_private.pem --role goodPerformance \
99	--subject-cert Joe_ID.pem \
100	--out Bob_goodperformance__Joe_attr.der
101
102
103	#####################################################################
104	#
105	# alpha.payRaise <- alpha.evaluatorOf(this).goodPerformance &
106	# alpha.managerOf(this).niceCoworker
107	# [keyid:alpha].role:payRaise <-
108	# [keyid:alpha].role:evaluatorOf([principal:?this]).role:goodPerformance &
109	# [keyid:alpha].role:managerOf([principal:?this]).role:niceCoworker
110	#
111	# alpha.managerOf(this) <- alpha.evaluatorOf(this)
112	# [keyid:alpha].role:managerOf([principal:?this])<-
113	# [keyid:alpha].role:evaluatorOf([principal:?this])
114	#
115	# alpha.evaluatorOf(Maryann)<-Bob
116	# [keyid:alpha].role:evaluatorOf([keyid:Maryann]) <-[keyid:Bob]
117	# Bob.goodPerformance<-Maryann
118	# [keyid:Bob].role:goodPerformance <- [keyid:Maryann])
119	# Bob.niceCoworker<-Maryann
120	# [keyid:Bob].role:niceCoworker <- [keyid:Maryann])
121	#
122	# alpha.evaluatorOf(Joe)<-Bob
123	# [keyid:alpha].role:evaluatorOf([keyid:Joe]) <-[keyid:Bob]
124	# Bob.goodPerformance<-Joe
125	# [keyid:Bob].role:goodPerformance <- [keyid:Joe])

Note: See TracBrowser for help on using the repository browser.

Download in other formats: