source: examples/python_tests/alumni3_ctxt_rt1/README @ 11ca336

mei_rt2
Last change on this file since 11ca336 was 2e9455f, checked in by Mei <mei@…>, 11 years ago

1) added namespace
2) tweak ?This,
3) allowing linking role/oset as constraining conditions
4) adding access_tests regression testing that uses GENI's access policy
5) added couple multi contexts regression tests
6) add compression/uncompression calls to abac_encode_string/abac_decode_string
(libstrongwan only allows 512 char for attribute rule storage)
7) add attribute_now option to creddy that takes a whole char string for attribute
rule
  • Property mode set to 100755
File size: 2.1 KB
Line 
1#
2# This example shows the use of multiple contexts in one session. This is
3# based on alumni3_rt1, which is an example of reasoning about a role's
4# parameters with range constraints.  There are 6 principals StateU,
5# Bob, Mark, Maryann, Joe, and Jan.  StateU wants to establish a set of
6# founding alum # based on the year of graduation.  On graduation each alum
7# has previously # been issued a credential parameterized with their
8# major and graduation year. StateU sets up a policy that says that a
9# principal is a founding alumni if they graduated in 1960, 1961, or 1963
10# in either mathematics or psychology only.  This # policy is expressed in
11# Credential 1.
12#
13# Credentials 2, 3, 4, 5, and 6 each assign a diploma credential to Bob (a 1961
14# mathematics degree), Mark (a 1965 mathematics degree), Joe (a 1961 zoology degree),
15# Maryann (a 1962 psychology degree), and Jan (a 1960 psychology degree)
16#
17# The query.py asks if each of these principals are favored alums, and only
18# Bob and Jan are, in a multiple contexts scenario.
19#
20# context#A is made with credential 1, 2, 3,  context#B is duplicate from
21# context#A and then credential 4, 5, 6 are inserted. context#C is built
22# with credential 1, 4, 5, 6. When query for favored # alums, from context#A,
23# only Bob is, from context#B, both Bob and Jan are, and from context#C only
24# Jan should show up.
25#
26
27# alumni3_ctxt_rt1
28
29# Credential 1
30# [keyid:stateU].role:foundingAlumni
31#              <- [keyid:stateU].role:diploma([string:?D:['mathmatics','psychology']],
32#                                        [integer:?Year:[1960,1961,1963]])
33
34# Credential 2
35# [keyid:stateU].role:diploma([string:'mathmatics'],[integer:1961]) <- [keyid:bob]
36
37# Credential 3
38# [keyid:stateU].role:diploma([string:'mathmatics'],[integer:1965]) <- [keyid:mark]
39
40# Credential 4
41# [keyid:stateU].role:diploma([string:'zoology'],[integer:1961]) <- [keyid:joe]
42
43# Credential 5
44# [keyid:stateU].role:diploma([string:'psychology'],[integer:1962]) <- [keyid:maryann]
45
46# Credential 6
47# [keyid:stateU].role:diploma([string:'psychology'],[integer:1960]) <- [keyid:jan]
48
Note: See TracBrowser for help on using the repository browser.