This directory contains various ABAC scenario that exercises various feature of the current implmentation with YAP prolog db. The frontend query client is abac_yap_prover. Each subdirectory has a README script which includes a description of the scenario, and the calls that to generate the needed credentials. There is a run_query script which sets up and runs couple of typical query using abac_yap_prover. runall, is the top level script that will cleanup and setup the credentials needed in each subdirectories runcheck, is the top level script that initiate the run_query script within each subdirectories; capture the result and diff with the baseline output in allout.save. abac_yap_prover Usage: abac_prover_yap --keystore --role --principal --oset --object loads the keystore and runs the query role <-?- principal the query oset <-?- object --dump extracts all credentials from the prolog db keystore is the location where the prover will search to load credentials. All accessible identity credentials and attribute credentials will be picked up one file at a time. role, oset, principal, and object are specified with principal's SHA1 value extracted from the credentials that are loaded from keystore location using creddy. Example can be found in the run_queryscript. An actual example from balltime_rt2_typed, abac_prover_yap --keystore /home/mei/Deter/abac/examples/balltime_rt2_typed --role [keyid:212146063d65264e8f27c31f0da592e386fc59aa].role:stadium ([string:'access'],[boolean:true],[time:20120228T130000]) --principal [keyid:49bdcd1278fce71d7c5cb3ee9138c22f7379e8e0] Currently, the dump option might fail if not enough information is stored in the backend db. It will be reimplemented in the near future. Two useful environment variables, DUMP_DB, extract the complete yap db to stdout ABAC_CN, use CN instead of SHA1 value for identifying the principals. This is useful for debugging purpose but will not resolve conflict when CN is not uniquely associated with each principal's SHA1 value. env ABAC_CN=1 runall run or env DUMP_DB=1 ABAC_CN=1 run_query