source: examples/payraise_rt1_typed/README @ 9335cfa

mei_rt2mei_rt2_fix_1
Last change on this file since 9335cfa was 9335cfa, checked in by Mei <mei@…>, 13 years ago

1) add handling of 'this' data term for the principal type
2) add payraise_rt1_typed example
3) expand more test cases for python/swig/libabac

  • Property mode set to 100755
File size: 4.8 KB
Line 
1#!/bin/sh
2
3#####################################################################
4# This example demostrates how to use 'this' as a data term of a RT1
5# policy credential where it is implicitly translated to a variable.
6#
7# Credential 1 is the policy credential with 2 intersecting rules.
8# A employee is up for a pay raise if the evaluator of the employee
9# affirms his/her good performance and the manager of the employee
10# affirms his/her pleasantness.
11#
12# Credential 2 is the policy credential that states an evaluator of
13# an employee is also the manager of the employee.
14#
15# Credential 3, 4 and 5 state Bob is the evaluator of Maryann and she
16# is showing good performance and is a nice coworker. Credential 6 and
17# 7 state Bob is also the evaluator of Joe and he is showing good
18# performance. But, there is no fact that says Joe is a nice coworker.
19#
20# The attached ./run_query file asks if a given principal is
21# entitled to a pay raise. Maryann is but not Joe, because his manager
22# did not affirm his pleasantness(but neither did he deny it)
23
24rm -rf *der *pem
25
26# [keyid:Alpha].role:payRaise <-?- [keyid:Maryann] (yes)
27# [keyid:Alpha].role:payRaise <-?- [keyid:Joe] (no)
28
29creddy --generate --cn Alpha
30creddy --generate --cn Bob
31creddy --generate --cn Maryann
32creddy --generate --cn Joe
33
34alpha_keyid=`creddy --keyid --cert Alpha_ID.pem`
35
36bob_keyid=`creddy --keyid --cert Bob_ID.pem`
37maryann_keyid=`creddy --keyid --cert Maryann_ID.pem`
38joe_keyid=`creddy --keyid --cert Joe_ID.pem`
39
40performance_qT="evaluatorOf([principal:?this]).goodPerformance"
41niceguy_qT="managerOf([principal:?this]).niceCoworker"
42
43manager_qZ="managerOf([principal:?Z])"
44evaluator_qZ="evaluatorOf([principal:?Z])"
45
46evaluator_m="evaluatorOf([keyid:$maryann_keyid])"
47evaluator_j="evaluatorOf([keyid:$joe_keyid])"
48
49# [keyid:alpha].role:payRaise <-
50#           [keyid:alpha].role:evaluatorOf([principal:?this]).role:goodPerformance &
51#           [keyid:alpha].role:managerOf([principal:?this]).role:niceCoworker
52# Credential 1
53creddy --attribute \
54       --issuer Alpha_ID.pem --key Alpha_private.pem --role payRaise \
55       --subject-cert Alpha_ID.pem --subject-role "$performance_qT" \
56       --subject-cert Alpha_ID.pem --subject-role "$niceguy_qT" \
57       --out Alpha_payraise__Alpha_performance_qT_niceguy_qT_attr.der
58
59# [keyid:alpha].role:managerOf([principal:?Z])<-
60#           [keyid:alpha].role:evaluatorOf([principal:?Z])
61# Credential 2
62creddy --attribute \
63       --issuer Alpha_ID.pem --key Alpha_private.pem --role "$manager_qZ" \
64       --subject-cert Alpha_ID.pem --subject-role "$evaluator_qZ" \
65       --out Alpha_manager_qZ__Alpha_evaluator_qZ_attr.der
66
67# [keyid:alpha].role:evaluatorOf([keyid:Maryann]) <-[keyid:Bob]
68# Credential 3
69creddy --attribute \
70        --issuer Alpha_ID.pem --key Alpha_private.pem --role "$evaluator_m" \
71        --subject-cert Bob_ID.pem \
72        --out Alpha_evaluator_m__Bob_attr.der
73
74# [keyid:Bob].role:goodPerformance <- [keyid:Maryann])
75# Credential 4
76creddy --attribute \
77        --issuer Bob_ID.pem --key Bob_private.pem --role goodPerformance \
78        --subject-cert Maryann_ID.pem \
79        --out Bob_goodperformance__Maryann_attr.der
80
81# [keyid:Bob].role:niceCoworker <- [keyid:Maryann])
82# Credential 5
83creddy --attribute \
84        --issuer Bob_ID.pem --key Bob_private.pem --role niceCoworker \
85        --subject-cert Maryann_ID.pem \
86        --out Bob_niceworker__Maryann_attr.der
87
88# [keyid:alpha].role:evaluatorOf([keyid:Joe]) <-[keyid:Bob]
89# Credential 6
90creddy --attribute \
91        --issuer Alpha_ID.pem --key Alpha_private.pem --role "$evaluator_j" \
92        --subject-cert Bob_ID.pem \
93        --out Alpha_evaluator_j__Bob_attr.der
94
95# [keyid:Bob].role:goodPerformance <- [keyid:Joe])
96# Credential 7
97creddy --attribute \
98        --issuer Bob_ID.pem --key Bob_private.pem --role goodPerformance \
99        --subject-cert Joe_ID.pem \
100        --out Bob_goodperformance__Joe_attr.der
101
102
103#####################################################################
104#
105# alpha.payRaise <- alpha.evaluatorOf(this).goodPerformance &
106#                   alpha.managerOf(this).niceCoworker
107# [keyid:alpha].role:payRaise <-
108#           [keyid:alpha].role:evaluatorOf([principal:?this]).role:goodPerformance &
109#           [keyid:alpha].role:managerOf([principal:?this]).role:niceCoworker
110#
111# alpha.managerOf(this) <- alpha.evaluatorOf(this)
112# [keyid:alpha].role:managerOf([principal:?this])<-
113#           [keyid:alpha].role:evaluatorOf([principal:?this])
114#
115# alpha.evaluatorOf(Maryann)<-Bob
116# [keyid:alpha].role:evaluatorOf([keyid:Maryann]) <-[keyid:Bob]
117# Bob.goodPerformance<-Maryann
118# [keyid:Bob].role:goodPerformance <- [keyid:Maryann])
119# Bob.niceCoworker<-Maryann
120# [keyid:Bob].role:niceCoworker <- [keyid:Maryann])
121#
122# alpha.evaluatorOf(Joe)<-Bob
123# [keyid:alpha].role:evaluatorOf([keyid:Joe]) <-[keyid:Bob]
124# Bob.goodPerformance<-Joe
125# [keyid:Bob].role:goodPerformance <- [keyid:Joe])
Note: See TracBrowser for help on using the repository browser.