Changes between Version 3 and Version 4 of CredPrinterDocs


Ignore:
Timestamp:
May 24, 2011 9:59:33 AM (10 years ago)
Author:
faber
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • CredPrinterDocs

    v3 v4  
    2626== Running the server ==
    2727
    28 The server takes an optional argument, {{{--cert}}} and a certificate with which to identify itself under SSL/https.  If omitted, the server will run under http, unencrypted and unauthenticated.  If run under SSL, the server expects clients to supply a certificate, but does not vaildate it's authorization chain.  This is for future expansion using ABAC authorization to the server and self-certifying identities.
     28The server takes an optional argument, {{{--cert}}} and a certificate with which to identify itself under SSL/https.  If omitted, the server will run under http, unencrypted and unauthenticated.  If run under SSL, the server expects clients to supply a certificate, but does not vaildate it's authorization chain.  This is for future expansion using ABAC authorization to the server and self-certifying identities.  The directions for [http://fedd.deterlab.net/wiki/FeddConfig#MakingaFedidCertificate making a fedid certificate] will also create a valid certificate for this use.
    2929
    3030The server also takes a {{{--port}}} argument defining the port to listen on.  By default it listens on port 13232.
     
    5656starts the server under http on port 13232.
    5757
     58== Running the client ==
    5859
     60The client is primarily to demonstrate the server functionality, but may prove useful itself.  It takes 2 optional parameters and a list of filenames, and prints the decoded credentials on the standard output.
     61
     62The {{{--url}}} option points to the server.  By default it is {{{http://localhost:13232}}}.  It can be set explicitly by setting this option, or by setting the {{{CRED_URL}}} environment variable.  Using an https URL without the {{{--cert}}} option will fail.
     63
     64The {{{--cert}}} option specifies a file to use for an https exchange.  If the option is given, any URL will be traeted as https; if omitted any URL will be treated as http. The directions for [http://fedd.deterlab.net/wiki/FeddConfig#MakingaFedidCertificate making a fedid certificate] will also create a valid certificate for this use.
     65
     66To try the client, start the server as an http server on the default port:
     67
     68{{{
     69$ cred_server.py
     70}}}
     71
     72and run the client with the contents of the [source:examples/experiment_create examples/experiment_create directory] from the [http://abac.deterlab.net/src/abac-0.1.3.tgz abac distribution].  Assuming that that directory is {{{examples/experiment_create}}}:
     73
     74{{{
     75$ cred_client.py examples/experiment_create/*
     76}}}
     77
     78produces:
     79
     80{{{
     81000: identity 9b47d3669b99a4ce1d3a0055be002ea6a580041a Acme
     82001: attribute 9b47d3669b99a4ce1d3a0055be002ea6a580041a.experiment_create <- 9b47d3669b99a4ce1d3a0055be002ea6a580041a.partner.experiment_create Acme.experiment_create <- Acme.partner.experiment_create
     83002: attribute 9b47d3669b99a4ce1d3a0055be002ea6a580041a.partner <- f923e9f69d33b52d8bbdfd19f2ec89dde7beedd7 Acme.partner <- Globotron
     84003: Error, code -1
     85004: identity 001f3599bafb755e97855b9ee0b3487830a4ecc7 Alice
     86005: attribute 001f3599bafb755e97855b9ee0b3487830a4ecc7.power_user <- b9cdabc274fa38390c26829efed68eaa527b8d00 Alice.power_user <- Bob
     87006: Error, code -1
     88007: identity b9cdabc274fa38390c26829efed68eaa527b8d00 Bob
     89008: Error, code -1
     90009: identity f923e9f69d33b52d8bbdfd19f2ec89dde7beedd7 Globotron
     91010: attribute f923e9f69d33b52d8bbdfd19f2ec89dde7beedd7.admin <- 001f3599bafb755e97855b9ee0b3487830a4ecc7 Globotron.admin <- Alice
     92011: attribute f923e9f69d33b52d8bbdfd19f2ec89dde7beedd7.experiment_create <- f923e9f69d33b52d8bbdfd19f2ec89dde7beedd7.admin.power_user Globotron.experiment_create <- Globotron.admin.power_user
     93012: Error, code -1
     94013: Error, code -1
     95}}}
     96
     97Credentials that represent identities, such as the first entry (001) above are marked as identity certificates and both the keyid (a SHA1 hash of the key as described in [http://www.ietf.org/rfc/rfc3280.txt RFC 3280], and the certificate CN (common name) are displayed.  Certificates created through [Creddy Creddy] and [source:doc/creddy_API libCreddy] put a human-readable name in the certificate CN.
     98
     99Credentials that represent attribute assignments are rendered as in line 002.  The attribute identifier is printed and the certificate presented in RT0 format both with keyids and human-readable names.
     100
     101For data that does not represent either an identity or an attribute, the error line is printed.  The code is a [source:doc/API libabac return code].  The errors in this example come from the private key files and README files in that example directory.
     102
     103