Changes between Version 4 and Version 5 of WikiStart


Timestamp:
May 17, 2013 10:38:29 AM (11 years ago)
Author:
faber
Comment:

--

  • WikiStart

    v4 v5  
    173173
    174174print "%s %s %s" % (id.keyid(), id1.keyid(), id2.keyid())
    175 
     175}}}
     176
     177Libabac generates self-signed certificates and does not check the signatures of imported certificates.  Use an external library to do that.
     178
     179=== Attributes ===
     180
     181Attributes are the signed ABAC statements that make up proofs.  libabac can import them from files and generate new ones.  This section describes creating them.
     182
     183[http://groups.geni.net/geni/wiki/TIEDABACModel As we have seen], an ABAC statement assigns an attribute (signed by an identity) to another identity or set of identities with a given attribute.  Here is how libabac constructs an attribute encoding {{{A.admin <- B}}}.  That attirbute means that identity A is assigning identity B the {{{admin}}} attribute for use in later proofs.
     184
     185{{{
     186import ABAC
     187
     188a = ABAC.ID("A", 24 * 3600 * 365 * 20)
     189b = ABAC.ID("B", 24 * 3600 * 365 * 20)
     190
     191attr = ABAC.Attribute(a, "admin", 24 * 3600 * 365 * 20)
     192attr.principal(b.keyid())
     193attr.bake()
     194
     195attr.write_name("attr.xml")
     196}}}
     197
     198The Attribute constructor takes the issuing identity, the attribute being assigned and the validity period of the assertion (in seconds).  This code assigns a principal to that class using the {{{principal}}} member.  The {{{role}}} member and {{{linking_role}}} members can be used to construct the other kinds of attributes.
     199
     200The {{{bake}}} member finalizes the attribute and creates a signed format for export, which one can write using the {{{write}}} and {{{write_name}}} members, that are analogous to {{{write_cert}}} and {{{write_cert_name}}} members of identities.
     201
     202The {{{bake}}} method exists so that Attributes can contain conjunctions.  If identity A wants to state that friendly admins are admins who are friendly ({{{A.friendly_admin <- A.friendly & A.admin}}}), this code will it:
     203
     204{{{
     205import ABAC
     206
     207a = ABAC.ID("A", 24 * 3600 * 365 * 20)
     208
     209attr = ABAC.Attribute(a, "friendly_admin", 24 * 3600 * 365 * 20)
     210attr.role(a.keyid(), "friendly")
     211attr.role(a.keyid(), "admin")
     212attr.bake()
     213
     214attr.write_name("attr.xml")
    176215
    177216}}}
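
Review bot: The warning added at v5 line 177, that libabac "does not check the signatures of imported certificates", is the security-critical statement in this change, but it sits as a single trailing sentence after the identity example and "Use an external library to do that" does not say what must be verified or at which point (before import, before a proof is trusted). Suggest making it a visible note and stating whether the same limitation applies to attribute files, since line 181 says libabac "can import them from files" and a reader will otherwise assume imported attributes are validated. Smaller points in the same hunk: line 183 has the typo "attirbute"; line 202 ends with "this code will it", which is missing a verb; line 198 says the code "assigns a principal to that class" although no class has been introduced (probably "attribute" is meant), and it names {{{role}}} and {{{linking_role}}} without giving the argument form for {{{linking_role}}}, while line 200 mentions {{{write}}} without saying what it takes. Both examples also write to "attr.xml", so running them in order overwrites the first attribute; distinct file names would avoid that.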