#
# This example shows a way to allow a user with multiple keyid identities
# to be 'reasoned' about as one within a single scope. There are 4 principals:
# Geni, Bob, Jack, and Joe. Bob and Joe are actually the same person; Jack
# is a different person.
#
# Credential 1 is the policy that says a principal is a group leader
# at Geni if it is equivalent to another principal who is a group
# leader at Geni.
#
# Credential 2 establishes Bob as a group leader at Geni, while
# credentials 3 and 4 are the equivalence rules between Bob and Joe.
# Both equivalence credentials sit in Geni's own role namespace
# ([keyid:geni].role:equivalent), so the equivalence applies only to
# reasoning within Geni's scope, and credential 1 extends only the
# leader role.
#
# The query.py file asks if Joe is also a group leader, which he is because
# there is an equivalence rule from Bob to him. It also asks if Jack is a
# group leader, which he isn't because there is no equivalence rule from Bob
# to him.
#
# leader_rt1
# Credential 1
# [keyid:geni].role:leader
# <- [keyid:geni].role:equivalent([principal:?P[keyid:geni].role:leader])
# Credential 2
# [keyid:geni].role:leader <- [keyid:bob]
# Credential 3
# [keyid:geni].role:equivalent([keyid:bob]) <- [keyid:Joe]
# Credential 4
# [keyid:geni].role:equivalent([keyid:Joe]) <- [keyid:Bob]