source: examples/python_tests/acme_friend_rt1/README @ 11ca336

mei_rt2
Last change on this file since 11ca336 was 2e9455f, checked in by Mei <mei@…>, 11 years ago

1) added namespace
2) tweak ?This,
3) allowing linking role/oset as constraining conditions
4) adding access_tests regression testing that uses GENI's access policy
5) added couple multi contexts regression tests
6) add compression/uncompression calls to abac_encode_string/abac_decode_string
(libstrongwan only allows 512 char for attribute rule storage)
7) add attribute_now option to creddy that takes a whole char string for attribute
rule

  • Property mode set to 100755
File size: 1.5 KB
#
# This example shows how a parameterized role can be used to infer a role and
# that the same role can also be directly assigned.  The example has 4
# principals, the Acme company, a Coyote, a RoadRunner and a Jackrabbit.
#
# The policy of the Acme company is that anyone the Acme company thinks is a
# friend of the Roadrunner is a preferred customer.  A friend of the roadrunner
# has the [keyid:Acme].role:friendOf([keyid:Roadrunner]) role, and a preferred
# customer has the [keyid:Acme].role:preferred_customer role.
#
# The setup.py script creates the 4 principals: Acme, Coyote, Roadrunner and
# Jackrabbit.
# The attr.py script creates 3 policy credentials.  Credential 1 lays out the rule
# that friends of the Roadrunner are preferred customers.  Credential 2
# directly makes the Coyote a preferred customer.  Credential 3 recognizes that
# Acme thinks that the Jackrabbit is the Roadrunner's friend.
#
# The query.py script tests whether the Coyote is a friend of the
# Roadrunner (which fails), whether the Jackrabbit is a friend of the
# Roadrunner (which succeeds), whether the Jackrabbit is a preferred customer
# (which succeeds), whether the Coyote is a preferred customer (succeeds for a
# different reason) and whether the system fails to load a bad certificate (it
# does).
#
# acme_friend_rt1
#
# Credential 1
#[keyid:Acme].role:preferred_customer <- [keyid:Acme].role:friendOf([keyid:Roadrunner])

# Credential 2
#[keyid:Acme].role:preferred_customer <- [keyid:Coyote]

# Credential 3
#[keyid:Acme].role:friendOf([keyid:Roadrunner]) <- [keyid:Jackrabbit]

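The inference described in this README, as an added example that is not the project's attr.py or query.py and does not use libabac: a small stand-alone evaluator that parses the three credentials and answers the four role queries. The names parse, members and query are hypothetical, and a malformed rule string stands in for the bad certificate.

```python
import re

# Two credential shapes from this README only (assumption: the real parser
# accepts more, e.g. linking roles).
PRINCIPAL = r"\[keyid:(\w+)\]"
ROLE = PRINCIPAL + r"\.role:(\w+(?:\(\[keyid:\w+\]\))?)"
CRED = re.compile(rf"^{ROLE}\s*<-\s*(?:{ROLE}|{PRINCIPAL})$")

def parse(line):
    """Return (head_role, body); body is ('role', r) or ('principal', p)."""
    m = CRED.match(line.strip())
    if not m:
        raise ValueError(f"malformed credential: {line!r}")
    issuer, role, b_issuer, b_role, b_principal = m.groups()
    if b_principal:
        return (issuer, role), ("principal", b_principal)
    return (issuer, role), ("role", (b_issuer, b_role))

def members(creds):
    """Least fixpoint of role -> set of principals over parsed credentials."""
    sets, changed = {}, True
    while changed:
        changed = False
        for head, (kind, body) in creds:
            new = {body} if kind == "principal" else sets.get(body, set())
            cur = sets.setdefault(head, set())
            if not new <= cur:
                cur |= new
                changed = True
    return sets

def query(sets, role, principal):
    return principal in sets.get(role, set())

CREDENTIALS = [  # Credentials 1-3 as listed in the README
    "[keyid:Acme].role:preferred_customer <- [keyid:Acme].role:friendOf([keyid:Roadrunner])",
    "[keyid:Acme].role:preferred_customer <- [keyid:Coyote]",
    "[keyid:Acme].role:friendOf([keyid:Roadrunner]) <- [keyid:Jackrabbit]",
]
SETS = members([parse(c) for c in CREDENTIALS])
FRIEND = ("Acme", "friendOf([keyid:Roadrunner])")
PREFERRED = ("Acme", "preferred_customer")

if __name__ == "__main__":
    for role, who in [(FRIEND, "Coyote"), (FRIEND, "Jackrabbit"),
                      (PREFERRED, "Jackrabbit"), (PREFERRED, "Coyote")]:
        print(who, role[1], query(SETS, role, who))
```

The Coyote reaches preferred_customer only through Credential 2, while the Jackrabbit reaches it through Credentials 3 and 1, which is the "different reason" the README mentions.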