Changes between Version 16 and Version 17 of WikiStart


Ignore:
Timestamp:
May 21, 2013 11:07:43 AM (12 years ago)
Author:
faber
Comment:

--

Legend:

Unmodified
Added
Removed
Modified

  • WikiStart

    v16 v17  
    114114Libabac allows developers to import signed ABAC statements about principals and attributes and prove that certain principals have those attributes ([http://groups.geni.net/geni/wiki/TIEDABACModel more detail about ABAC logic]).  The basic structures that libabac uses to support those operations are identities, attributes, and a context for those.
    115115
    116 The [/browser/doc/API API document] lists all the interfaces to the library, but this section is intended to impart some meaning to the various structures.  The java interface is slightly different in detail, but uses the same constructs.  These examples use python so that the interested user can basically type along with the descriptions.
     116The [/browser/doc/API?tag=0.1.4 API document] lists all the interfaces to the library, but this section is intended to impart some meaning to the various structures.  The java interface is slightly different in detail, but uses the same constructs.  These examples use python so that the interested user can basically type along with the descriptions.
    117117
    118118
     
    274274=== Credentials and Roles ===
    275275
    276 Credentials are the abstraction of ABAC statements and Roles are the abstraction of the terms of an ABAC statement.  A Credential is made up of two Roles, a head and a tail that make the two sides of the ABAC statement.  There are a set of  accessors to parse the contents of a role, described in the [/browser/doc/API API docs], and roles are primarily of interest in printing and exploring the proof.
     276Credentials are the abstraction of ABAC statements and Roles are the abstraction of the terms of an ABAC statement.  A Credential is made up of two Roles, a head and a tail that make the two sides of the ABAC statement.  There are a set of  accessors to parse the contents of a role, described in the [/browser/doc/API?tag=0.1.4 API docs], and roles are primarily of interest in printing and exploring the proof.
    277277
    278278Credentials are useful in communicating proof contents outside the program.  In addition to {{{head}}} and {{{tail}}} accessors that access the Roles, a Credential has a {{{attribute_cert()}}} method that returns the exportable content of the assertion and an {{{issuer_cert()}}} that returns the issuer's X.509 certificate (sans private key).  These outputs are chunks, useful for writing to files or importing into other contexts.  The following code prints the proof of our earlier successful question and saves it to files.  This is not exemplary python file handling, but the point is to see the accessors:
     
    295295== Next Steps ==
    296296
    297 In addition to the [/browser/doc/API API description] the code for the [CredPrinterDocs credential printer] is [/browser/cred_printer available].  It is a fairly complete example of using python and libabac.
     297In addition to the [/browser/doc/API?tag=0.1.4 API description] the code for the [CredPrinterDocs credential printer] is [/browser/cred_printer available].  It is a fairly complete example of using python and libabac.
    298298
    299299