source: examples/python_tests/file_read_rt2/README @ c6d5da3

Last change on this file since c6d5da3 was f824a9e, checked in by Mei <mei@…>, 13 years ago

1) add more doc to python_tests

  • Property mode set to 100755
File size: 1.3 KB
#####################################################################
# This example demonstrates using parameters to control access to
# files based on the attributes of the principals. Files are named by
# URNs and are not principals.
#
# A principal's access rights are controlled by the Alpha principal.  If a
# principal has the role role::read(urn:filename) that
# principal can read filename.  The policy is that the manager of the owner of
# a file can read it. (Presumably the owner can, too, but that is not encoded
# here.)
#
# The setup.py file creates four principals: Alpha, Bob, Maryann and Joe.
#
# The attr.py file lays out the policy that the manager of the owner of a file
# can read it in Credential 1. Credential 2 establishes Bob as the manager of
# Joe, and Credential 3 establishes Joe as the owner of the file.
#
# The query.py file runs 2 queries.  First it confirms that Bob can read
# fileA, then it confirms that Maryann cannot.

# file_read_rt2
#
# Credential 1 (alpha.read(?F) <- alpha.managerOf(?E:alpha.ownerOf(?F)))
# [keyid:alpha].role:read([urn:?F])<-
#    [keyid:alpha].role:managerOf([principal:?E[keyid:alpha].role:ownerOf([urn:?F])])

# Credential 2
#[keyid:Alpha].role:managerOf([Keyid:Joe]) <- [keyid:Bob]

# Credential 3
#[keyid:Alpha].role:ownerOf([urn:'file://fileA']) <- [keyid:Joe]
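The following is an added illustration, not part of the README or of the project's setup.py/attr.py/query.py. It models the three credentials in plain Python to show how the two queries resolve and why the issuer of each credential has to be checked. The Cred type, prove_read, can_read and the extra self-issued credential are assumptions made for this sketch.

```python
from typing import NamedTuple, Optional

class Cred(NamedTuple):
    issuer: str   # principal that issued (signed) the credential
    role: str     # parameterized role name
    param: str    # role parameter: a principal name or a file URN
    subject: str  # principal placed into issuer.role(param)

# Constructed store: Credential 2 and Credential 3 from the README, plus one
# self-issued credential (an assumption of this sketch) that must not count.
CREDS = [
    Cred("Alpha", "managerOf", "Joe", "Bob"),           # Credential 2
    Cred("Alpha", "ownerOf", "file://fileA", "Joe"),    # Credential 3
    Cred("Maryann", "managerOf", "Joe", "Maryann"),     # not issued by Alpha
]

def prove_read(creds, principal, urn, issuer="Alpha") -> Optional[list]:
    """Credential 1: issuer.read(?F) <- issuer.managerOf(?E : issuer.ownerOf(?F)).

    Returns the credentials that form the proof, or None when no proof exists.
    Only credentials issued by `issuer` are accepted at either step.
    """
    for owner_cred in creds:
        if (owner_cred.issuer, owner_cred.role, owner_cred.param) != (issuer, "ownerOf", urn):
            continue
        employee = owner_cred.subject  # binding for ?E: an owner of ?F
        wanted = Cred(issuer, "managerOf", employee, principal)
        if wanted in creds:
            return [wanted, owner_cred]
    return None

def can_read(creds, principal, urn) -> bool:
    return prove_read(creds, principal, urn) is not None

if __name__ == "__main__":
    for who in ("Bob", "Maryann", "Joe"):
        print(who, "can read fileA:", can_read(CREDS, who, "file://fileA"))
```

Joe is denied here because, as the README notes, the owner's own access is not encoded in the policy.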