scenario.txt

一个完整的XACML工程,学习XACML技术的好例子!

				*** Scenario ***

Two independent organisations exist, Ed and Gla. They want to interoperate. 
For this reason they update their policies to specify what foreign SOAs are 
trusted to allocate to their subordinates. Both organisations have keypairs
originating from the same Root CA (part of the same PKI).

The Ed organisation has its setup specified in ed subdirectory. The Gla 
organisation has its setup specified in gla subdirectory. Their repositories
are in the repository subdirectories respectively.

The PKI setup is in pki subdirectory. Note that the end-user PKCs are copied
in the organisation's repository as well.

				*** 0. PKI ***

The Root CA-2, available from Kilimanjaro.

All private keys and p12 files have the password "permis".

				*** 1. Ed ***

Resources: http://ed.ac.uk/ - available to both organisations
	   http://ed.ac.uk/private/ - available to Ed

Actions: GET

Roles: type: edRole (1.2.826.0.1.3344810.1.1.14.1)
       values: educator

AAs: cn=SOA,o=Ed,c=gb - root
     cn=AA,o=Ed,c=gb - subordinate, has an AC with delegation on

Users: cn=Edward,o=Ed,c=gb - has a educator role
       cn=Edmund,o=Ed,c=gb - has no roles

				*** 2. Gla ***

Resources: http://gla.ac.uk/ - available to both organisations
	   http://gla.ac.uk/private/ - available to Gla

Actions: GET

Roles: type: glaRole (1.2.826.0.1.3344810.1.1.14.2)
       values: glazer

AAs: cn=SOA,o=Gla,c=gb - root
     cn=AA,o=Gla,c=gb - subordinate, has an AC with delegation on

Users: cn=Gladys,o=Gla,c=gb - has a glazer role
       cn=Glain,o=Gla,c=gb - has no roles