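#!/bin/sh
#
# This example demonstrates reasoning about a role's parameters. There are
# 4 principals: StateU, Bob, Maryann, and Joe. StateU wants to establish a
# set of founding alumni based on the year of graduation. On graduation each
# alum has previously been issued a credential parameterized with their major
# and graduation year. StateU sets up a policy that says that a principal is a
# founding alum if they graduated in 1955 through 1958 inclusive, no matter
# what major the principal had. This policy is expressed in Credential 1.
#
# Credentials 2, 3, and 4 each assign a diploma credential to Bob (a 1960
# mathematics degree), Joe (a 1955 zoology degree) and Maryann (a 1956
# psychology degree).
#
# The attached ./run_query file asks whether each of these principals is a
# founding alum; Joe and Maryann are, Bob is not.
#
# alumni_rt1
# [keyid:stateU].role:foundingAlumni <-?- [keyid:Bob] (no)
# [keyid:stateU].role:foundingAlumni <-?- [keyid:Maryann] (yes)
# [keyid:stateU].role:foundingAlumni <-?- [keyid:Joe] (yes)

# Stop at the first failing step (and on any unset variable): every later
# credential depends on the identities generated first, so continuing after
# a failure would leave a partial, misleading credential set behind.
set -eu

# This script writes private keys (*_private.pem) into the current directory.
# Restrict the mode of everything created here to the owner, whatever mode
# creddy itself would otherwise pick.
umask 077

# Generate an identity for each principal. Judging by the file names used
# below, each call yields <cn>_ID.pem and <cn>_private.pem.
# NOTE(review): only StateU_private.pem is used for signing in this script;
# the other principals' private keys are created purely for the example.
for cn in StateU Bob Maryann Joe; do
    creddy --generate --cn "$cn"
done

# Key ids of the four principals. They correspond to the [keyid:...] terms in
# the comments; nothing further down in this script reads these variables.
stateU_keyid=$(creddy --keyid --cert StateU_ID.pem)
bob_keyid=$(creddy --keyid --cert Bob_ID.pem)
maryann_keyid=$(creddy --keyid --cert Maryann_ID.pem)
joe_keyid=$(creddy --keyid --cert Joe_ID.pem)

# Parameterized role strings.
# diploma_q_qY: any major ([?]) and a Year constrained to 1955..1958. The
# range is the part of the policy that excludes Bob's 1960 diploma.
diploma_q_qY="diploma([?], [integer:?Year:[1955..1958]])"
# NOTE(review): 'mathmatics' is misspelled, but it is a role parameter value,
# so it is left untouched; anything that names this role must spell it the
# same way.
diploma_m="diploma([string:'mathmatics'],[integer:1960])"
diploma_z="diploma([string:'zoology'],[integer:1955])"
diploma_p="diploma([string:'psychology'],[integer:1956])"

# [keyid:stateU].role:foundingAlumni
#     <- [keyid:stateU].role:diploma([?], [integer:?Year:[1955..1958]])
# Credential 1
# Issuer and subject certificate are both StateU: membership is delegated to
# StateU's own diploma role, limited by the Year range.
creddy --attribute \
    --issuer StateU_ID.pem --key StateU_private.pem --role "foundingAlumni" \
    --subject-cert StateU_ID.pem --subject-role "$diploma_q_qY" \
    --out StateU_foundingAlumni__stateU_diploma_q_qY_attr.der

# [keyid:stateU].role:diploma([string:'mathmatics'],[integer:1960]) <- [keyid:bob]
# Credential 2
creddy --attribute \
    --issuer StateU_ID.pem --key StateU_private.pem --role "$diploma_m" \
    --subject-cert Bob_ID.pem \
    --out StateU_diploma_m__Bob_attr.der

# [keyid:stateU].role:diploma([string:'zoology'],[integer:1955]) <- [keyid:joe]
# Credential 3
# NOTE(review): the output name says "diploma_m" although the role written is
# $diploma_z. The name is kept in case run_query or other tooling refers to
# this path.
creddy --attribute \
    --issuer StateU_ID.pem --key StateU_private.pem --role "$diploma_z" \
    --subject-cert Joe_ID.pem \
    --out StateU_diploma_m__Joe_attr.der

# [keyid:stateU].role:diploma([string:'psychology'],[integer:1956]) <- [keyid:maryann]
# Credential 4
# NOTE(review): same naming mismatch as Credential 3; the role written here
# is $diploma_p.
creddy --attribute \
    --issuer StateU_ID.pem --key StateU_private.pem --role "$diploma_p" \
    --subject-cert Maryann_ID.pem \
    --out StateU_diploma_m__Maryann_attr.der

#####################################################################
# stateU.foundingAlumni <- stateU.diploma(?, ?Year:[1955..1958])
# [keyid:stateU].role:foundingAlumni
#     <- [keyid:stateU].role:diploma([?], [integer:?Year:[1955..1958]])
#
# stateU.diploma(mathmatics,1960)<-bob
# [keyid:stateU].role:diploma([string:'mathmatics'],[integer:1960]) <- [keyid:bob]
#
# stateU.diploma(zoology,1955)<-joe
# [keyid:stateU].role:diploma([string:'zoology'],[integer:1955]) <- [keyid:joe]
#
# stateU.diploma(psychology,1956)<-maryann
# [keyid:stateU].role:diploma([string:'psychology'],[integer:1956]) <- [keyid:maryann]
#
# query,
# stateU.foundingAlumni<-?-bob bad
# [keyid:stateU].role:foundingAlumni <- [keyid:bob]
#
# stateU.foundingAlumni<-?-maryann good
# [keyid:stateU].role:foundingAlumni <- [keyid:maryann]
#
# stateU.foundingAlumni<-?-joe good
# [keyid:stateU].role:foundingAlumni <- [keyid:joe]
#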