#!/bin/sh # # This example shows an example of reasoning about a role's parameters. There # are 4 principals StateU, Bob, Mark, Maryann, Joe, and Jan. StateU wants to # establish a set of founding alumni based on the year of graduation. On # graduation each alum has previously been issued a credential parameterized # with their major and graduation year. StateU sets up a policy that says that # a principal is a founding alum if they graduated in 1960, 1961, or 1963 in # either mathematics or psychology. One assumes there was some kind of NCAA # suspension in 1962. This policy is expressed in Credential 1. # # Credentials 2, 3, 4, 5, and 6 each assign a diploma credential to Bob (a 1961 # mathematics degree), Mark (a 1965 mathematics degree), Joe (a 1961 zoology degree), Maryann (a 1962 psychology degree), and Jan (a 1960 psychology degree) # # The attached ./run_query file asks if each of these principals are favored # alums, and only Bob and Jan are. # alumni3_rt1 rm -rf *.der *.pem # [keyid:stateU].role:foundingAlumni <-?- [keyid:Bob] (yes) # [keyid:stateU].role:foundingAlumni <-?- [keyid:Maryann] (no) # [keyid:stateU].role:foundingAlumni <-?- [keyid:Joe] (no) creddy --generate --cn StateU creddy --generate --cn Bob creddy --generate --cn Mark creddy --generate --cn Joe creddy --generate --cn Maryann creddy --generate --cn Jan stateU_keyid=`creddy --keyid --cert StateU_ID.pem` bob_keyid=`creddy --keyid --cert Bob_ID.pem` mark_keyid=`creddy --keyid --cert Mark_ID.pem` joe_keyid=`creddy --keyid --cert Joe_ID.pem` maryann_keyid=`creddy --keyid --cert Maryann_ID.pem` jan_keyid=`creddy --keyid --cert Jan_ID.pem` diploma_q_qY="diploma([string:?D:['mathmatics','psychology']], [integer:?Year:[1960,1961,1963]])" diploma_m="diploma([string:'mathmatics'],[integer:1961])" diploma_mm="diploma([string:'mathmatics'],[integer:1965])" diploma_z="diploma([string:'zoology'],[integer:1961])" diploma_p="diploma([string:'psychology'],[integer:1962])" diploma_pp="diploma([string:'psychology'],[integer:1960])" # [keyid:stateU].role:foundingAlumni # <- [keyid:stateU].role:diploma([string:?D:['mathmatics','psychology']], [integer:?Year:[1960,1961,1963]]) # Credential 1 creddy --attribute \ --issuer StateU_ID.pem --key StateU_private.pem --role "foundingAlumni" \ --subject-cert StateU_ID.pem --subject-role "$diploma_q_qY" \ --out StateU_foundingAlumni__stateU_diploma_q_qY_attr.der # [keyid:stateU].role:diploma([string:'mathmatics'],[integer:1961]) <- [keyid:bob] # Credential 2 creddy --attribute \ --issuer StateU_ID.pem --key StateU_private.pem --role "$diploma_m" \ --subject-cert Bob_ID.pem \ --out StateU_diploma_m__Bob_attr.der # [keyid:stateU].role:diploma([string:'mathmatics'],[integer:1965]) <- [keyid:mark] # Credential 3 creddy --attribute \ --issuer StateU_ID.pem --key StateU_private.pem --role "$diploma_mm" \ --subject-cert Mark_ID.pem \ --out StateU_diploma_mm__Mark_attr.der # [keyid:stateU].role:diploma([string:'zoology'],[integer:1961]) <- [keyid:joe] # Credential 4 creddy --attribute \ --issuer StateU_ID.pem --key StateU_private.pem --role "$diploma_z" \ --subject-cert Joe_ID.pem \ --out StateU_diploma_z__Joe_attr.der # [keyid:stateU].role:diploma([string:'psychology'],[integer:1962]) <- [keyid:maryann] # Credential 5 creddy --attribute \ --issuer StateU_ID.pem --key StateU_private.pem --role "$diploma_p" \ --subject-cert Maryann_ID.pem \ --out StateU_diploma_p__Maryann_attr.der # [keyid:stateU].role:diploma([string:'psychology'],[integer:1960]) <- [keyid:jan] # Credential 6 creddy --attribute \ --issuer StateU_ID.pem --key StateU_private.pem --role "$diploma_pp" \ --subject-cert Jan_ID.pem \ --out StateU_diploma_pp__Jan_attr.der