Context Navigation

README @ accd63d

mei_rt2

Last change on this file since accd63d was f824a9e, checked in by Mei <mei@…>, 12 years ago
1) add more doc to python_tests
Property mode set to `100755`
File size: 1.3 KB

Line
1	#####################################################################
2	# This example demonstrates using a parameters to control access to
3	# files based on the attributes of the principals. files are named by
4	# URNs and are not principals.
5	#
6	# A principal's access rights are controlled by the Alpha principal. If a
7	# principal has the role role::read(urn:filename) that
8	# principal can read filename. The policy is that the manager of the owner of
9	# a file can read it. (Presumably the owner can, too, but that is not encoded
10	# here.)
11	#
12	# The setup.py file creates four principals Alpha, Bob, Maryann and Joe
13	#
14	# The attr.py file lays out the policy that the manager of the owner of a file
15	# can read it in Credential 1. Credential 2 establishes Bob as the manager of
16	# Joe. and Credential 3 establishes Joe as the owner of the file.
17	#
18	# The query.py file runs 2 queries. First it confirms that Bob can read
19	# fileA, then it confirms that Maryann cannot.
20
21	# file_read_rt2
22	#
23	# Credential 1 (alpha.read(?F) <- alpha.managerOf(?E:alpha.ownerOf(?F)))
24	# [keyid:alpha].role:read([urn:?F])<-
25	# [keyid:alpha].role:managerOf([principal:?E[keyid:alpha].role:ownerOf([urn:?F])]
26
27	# Credential 2
28	#[keyid:Alpha].role:managerOf([Keyid:Joe]) <- [keyid:Bob]
29
30	# Credential 3
31	#[keyid:Alpha].role:ownerOf([urn:'file://fileA']) <- [keyid:Joe]
32

Note: See TracBrowser for help on using the repository browser.