wiki:NewStuff

Version 1 (modified by faber, 6 years ago) (diff)

--

[TOC]

New Features In The Coming Release

This pagdescribes features being developed for libabac and currently availabel on the tvf-new-xml branch of the git repository. There are three new features:

  • Support for multiple credential formats
  • Support for Version 1.1 GENI credentials
  • Support for human readable strings in credential printing

New Credentials

This release supports multiple credential formats, specifically version 1 and version 1.1 GENI credentials as well as reading GENI privilege credentials. Credentials read from files or chunks are transparenlty output as read, for example if they appear in a proof or if they are extracted from a context. Credentials that are created by an application are output in GENI v1.1 format by default, but can be created in GENI v1.0 using the set_output format of the Attribute object. Valid parameters to set_output_format are:

  • GENIv1.0
  • GENIv1.1

Note that the output format must be set before the attribute is baked, and that the format cannot be changed after bake has been called.

This code:

#!/usr/local/bin/python
import sys
import ABAC


i = ABAC.ID("TestPrincipal", 10 * 356 * 24 * 3600)
a = ABAC.Attribute(i, "role", 3600)

# Here's the format change
a.set_output_format("GENIv1.0")
# Format change above

a.principal(i.keyid());
a.bake()
a.write(sys.stdout)

Produces output similar to:

<?xml version="1.0" encoding="UTF-8"?>
<signed-credential>
    <credential xml:id="ref0">
	<type>abac</type>
	<version>1.0</version>
	<expires>2013-06-17T23:15:44Z</expires>
	<rt0>ccae806d6e2ac13e39036d83ddc9d09a7f7bf23d.role&lt;-ccae806d6e2ac13e39036d83ddc9d09a7f7bf23d</rt0>
    </credential>
    <signatures>
     <!-- elided -->
    </signatures>
  </credential>
</signed-credential>

This code:

#!/usr/local/bin/python
import sys
import ABAC


i = ABAC.ID("TestPrincipal", 10 * 356 * 24 * 3600)
a = ABAC.Attribute(i, "role", 3600)

# Here's the format change
a.set_output_format("GENIv1.1")
# Format change above

a.principal(i.keyid());
a.bake()
a.write(sys.stdout)

Produces:

<?xml version="1.0" encoding="UTF-8"?>
<signed-credential>
    <credential xml:id="ref0">
	<type>abac</type>
	<serial/>
	<owner_gid/>
	<target_gid/>
	<uuid/>
	<expires>2013-06-17T23:17:58Z</expires>
	<abac>
	    <rt0>
		<version>1.1</version>
		<head>
   <ABACprincipal><keyid>394d50f1f95468521ea1042c88047d8db1bebadd</keyid></ABACprincipal>
   <role>role</role>
</head>
<tail>
   <ABACprincipal><keyid>394d50f1f95468521ea1042c88047d8db1bebadd</keyid></ABACprincipal>
</tail>

	    </rt0>
	</abac>
    </credential>
    <signatures>
     <!-- elided -->
    </signatures>
  </credential>
</signed-credential>

Should you need to know the format in which an Attribute will be output:

#!/usr/local/bin/python
import ABAC

i = ABAC.ID("TestPrincipal", 10 * 356 * 24 * 3600)
a = ABAC.Attribute(i, "role", 3600)
print a.get_output_format()