Attributes in the Antigone policy language are used in place of constant expressions. An attribute reference is indicated by prefixing the attribute name with a '$'. In the following example, the attribute id is referenced:
join : inlist($id,alice.bob,.) :: accept;
The following attributes are predefined and available to use in the policy:
Name: groupid
The groupid gives the base name for the group. The fully specified instance of the group is given by the group name and the instance number. The instance number will change as the group is rekeyed, but the group name will remain constant. The groupid may be up to 8 characters long.
Name: isserver
This attribute is set to "TRUE" for the server member and "FALSE" for all others.
During the course of execution, mechanisms can dynamically create attributes that are available until they are removed. The id attribute, for example, is defined by the Membership mechanism, but is only available while the mechanism is invoked.
See documentation on individual mechanisms in Mechanisms.
Attributes may also be defined in the policy files with a statement of the form:
name := <value>;
Where name is the name of the attribute and value is its value. This can be useful for setting a value that is used in multiple places. All occurrences of the value can then be changed by changing the attribute.
In the following example, there are multiple possible invocations of the lkhkey mechanism, but each uses the same rekey period. By making this an attribute, it can easily be changed for all cases.
rkper := <5.0>;
alpha : :: lkhkey (hashfunc=sha1, crypt=blowfish, rekeyperiod=$rkper);
beta : :: lkhkey (hashfunc=sha1, crypt=des , rekeyperiod=$rkper);
chi : :: lkhkey (hashfunc=md5 , crypt=blowfish, rekeyperiod=$rkper);
delta : :: lkhkey (hashfunc=md5 , crypt=rc4 , rekeyperiod=$rkper);
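The following is an added example, not part of the Antigone distribution: a small policy check that expands $-references using the definition syntax shown above and reports references that no definition, predefined attribute or mechanism-created attribute accounts for. It is a textual model only; the function name, the runtime argument, the rule that definitions are collected from the whole file, and the sample policy (with a deliberate $rkperiod typo) are assumptions.

```python
import re

# Attributes the page lists as predefined, and the one it names as created at
# run time by the Membership mechanism. These are known names, not errors.
PREDEFINED = {"groupid", "isserver"}
DYNAMIC = {"id"}

DEF_RE = re.compile(r"^(\w+)\s*:=\s*<([^>]*)>$")   # name := <value>
REF_RE = re.compile(r"\$(\w+)")                     # $name

def expand_policy(text, runtime=None):
    """Return (expanded_rules, undefined_names) for a policy text.

    runtime optionally supplies values for predefined/dynamic attributes.
    Assumption: definitions apply to the whole file regardless of position.
    """
    attrs = dict(runtime or {})
    if len(attrs.get("groupid", "")) > 8:
        raise ValueError("groupid may be up to 8 characters long")
    rules = []
    for stmt in (s.strip() for s in text.split(";")):
        if not stmt:
            continue
        m = DEF_RE.match(stmt)
        if m:
            attrs[m.group(1)] = m.group(2)   # policy-defined attribute
        else:
            rules.append(stmt)
    undefined = []
    def resolve(ref):
        name = ref.group(1)
        if name in attrs:
            return attrs[name]
        if name not in PREDEFINED | DYNAMIC:
            undefined.append(name)           # likely a typo in the policy
        return ref.group(0)                  # leave unresolved reference as-is
    return [REF_RE.sub(resolve, r) for r in rules], undefined

# Constructed sample: the page's statements, with a typo in the 'beta' rule.
SAMPLE = """
rkper := <5.0>;
alpha : :: lkhkey (hashfunc=sha1, crypt=blowfish, rekeyperiod=$rkper);
beta : :: lkhkey (hashfunc=sha1, crypt=des, rekeyperiod=$rkperiod);
join : inlist($id,alice.bob,.) :: accept;
"""

if __name__ == "__main__":
    expanded, missing = expand_policy(SAMPLE)
    print("\n".join(expanded))
    print("undefined attributes:", missing)
```

Running such a check before deploying a policy catches a misspelled attribute that would otherwise leave one rule without the shared rekey period.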