mei_rt2mei_rt2_fix_1
Last change
on this file since c6d5da3 was
f824a9e,
checked in by Mei <mei@…>, 13 years ago
|
1) add more doc to python_tests
|
-
Property mode set to
100755
|
File size:
1.3 KB
|
Rev | Line | |
---|
[5f551d3] | 1 | ##################################################################### |
---|
[f824a9e] | 2 | # This example demonstrates using a parameters to control access to |
---|
| 3 | # files based on the attributes of the principals. files are named by |
---|
| 4 | # URNs and are not principals. |
---|
[5f551d3] | 5 | # |
---|
| 6 | # A principal's access rights are controlled by the Alpha principal. If a |
---|
| 7 | # principal has the role role::read(urn:filename) that |
---|
| 8 | # principal can read filename. The policy is that the manager of the owner of |
---|
| 9 | # a file can read it. (Presumably the owner can, too, but that is not encoded |
---|
| 10 | # here.) |
---|
[f824a9e] | 11 | # |
---|
| 12 | # The setup.py file creates four principals Alpha, Bob, Maryann and Joe |
---|
[5f551d3] | 13 | # |
---|
[f824a9e] | 14 | # The attr.py file lays out the policy that the manager of the owner of a file |
---|
[5f551d3] | 15 | # can read it in Credential 1. Credential 2 establishes Bob as the manager of |
---|
| 16 | # Joe. and Credential 3 establishes Joe as the owner of the file. |
---|
| 17 | # |
---|
[f824a9e] | 18 | # The query.py file runs 2 queries. First it confirms that Bob can read |
---|
[5f551d3] | 19 | # fileA, then it confirms that Maryann cannot. |
---|
| 20 | |
---|
[f824a9e] | 21 | # file_read_rt2 |
---|
| 22 | # |
---|
| 23 | # Credential 1 (alpha.read(?F) <- alpha.managerOf(?E:alpha.ownerOf(?F))) |
---|
[5f551d3] | 24 | # [keyid:alpha].role:read([urn:?F])<- |
---|
| 25 | # [keyid:alpha].role:managerOf([principal:?E[keyid:alpha].role:ownerOf([urn:?F])] |
---|
| 26 | |
---|
| 27 | # Credential 2 |
---|
| 28 | #[keyid:Alpha].role:managerOf([Keyid:Joe]) <- [keyid:Bob] |
---|
| 29 | |
---|
| 30 | # Credential 3 |
---|
| 31 | #[keyid:Alpha].role:ownerOf([urn:'file://fileA']) <- [keyid:Joe] |
---|
| 32 | |
---|
Note: See
TracBrowser
for help on using the repository browser.