source: examples/python_tests/acme_friend_rt1/README @ 9b43fc3

mei_rt2mei_rt2_fix_1
Last change on this file since 9b43fc3 was f824a9e, checked in by Mei <mei@…>, 12 years ago

1) add more doc to python_tests
  • Property mode set to 100755
File size: 1.5 KB
Line 
1#
2# This example shows how a parameterized role can be used to infer a role and
3# that the same role can also be directly assigned.  The example has 4
4# principals, the Acme company, a Coyote, a RoadRunner and a Jackrabbit.
5#
6# The policy of the Acme company is that anyone the Acme company thinks is a
7# friend of the Roadrunner is a preferred customer.  A friend of the roadrunner
8# has the [keyid:Acme}.role:friendOf([keyid:Roadrunner]) role, and a preferred
9# customer has the [keyid:Acme].role:preferred_customer role.
10#
11# setup.py script creates the 4 principal: Acme, Coyote, Roadrunner and
12# Jackrabbit.
13# attr.py script creates 3 policy credentials,  Credential 1 lays out the rule
14# that friends of the Roadrunner are preferred customers.  Credential 2
15# directly makes the Coyote a preferred customer.  Credential 3 recognizes that
16# Acme thinks that the Jackrabbit is the Roadrunner's friend.
17#
18# The query.py script tests whether the coyote is a friend of the
19# Roadrunner (which fails), whether the Jackrabbit is a friend of the
20# Roadrunner (which succeeds), whether the Jackrabbit is a preferred customer
21# (which succeeds), whether the Coyote is a prefered customer (succeeds for a
22# different reason) and whether the system fails to load a bad certificate (it
23# does).
24#
25# acme_friend_rt1
26#
27# Credential 1
28#[keyid:Acme].role:preferred_customer <- [keyid:Acme].role:friendOf([keyid:Roadrunner])
29
30# Credential 2
31#[keyid:Acme].role:prefered_customer <- [keyid:Coyote]
32
33# Credential 3
34#[keyid:Acme].role:friendOf([keyid:Roadrunner]) <- [keyid:Jackrabbit]
35
Note: See TracBrowser for help on using the repository browser.