RFID Guardian ACL

From RFID Wiki

RFID Guardian Access Control List defines the actions of RFID Guardian. Users have freedom to modify, add or remove any rules as they like. The grammar is simple.

Contents after a hash mark (#) is comments.

A rule should start with rule $protocol ACCEPT or rule $protocol DENY. The protocol variable should be P15693 or P14443_A, etc. which means the ISO standard used during communication. ACCEPT or DENY defines different actions that the user expects RFID Guardian to take.

The body of the rule is described inside a pair of braces: { and }.

The keyword context describes different modes of RFID Guardian. Users can make Guardian switches between different modes as the environment changes without editing the ACL again. For example, a user may allow an RFID reader to query her credit card when she is in a supermarket. But if she is walking on the street, she would not like the same RFID reader to query her credit card again. To achieve this goal, the user can simply send a signal to RFID Guardian to make it switch from trusted mode to not-trusted mode when she is on street. Users must declare supported context types either at the beginning of ACL or in a separate context file.

role means group of readers, so role = PAYMENT means the readers of PAYMENT group. And it is the user who defines these groups.

tags means group of tags, so tags = @MYTAGS means the group of tags named MYTAGS. Please note that the name of the tag group should start with a @ mark, but the name of a reader group should not. The aim is to make it more clearly for the user to distinguish reader groups from tag groups.

Potential query content can specified in query field. For example, command means the command that RFID readers send to RFID tags, so command = INVENTORY means the command of Inventory. Other content include mask len and mask, which I will explain later.

Star (*) means any.

every line in the RULE body must end with a semicolon ;.

Below is an example ACL

context trusted;
context home;
context private;

# We generally would like to leave RFID traffic alone
rule P15693 ACCEPT
{
	context = *;
	role = *;
	tags = *;
	query = {command = *;};
};

# We would like to block all queries to our tags
rule P15693 DENY
{
	role = *;
	tags = @MY_TAGS;
	query = {command = *;};
};

# We allow friendly readers to do inventory queries on our tags
rule P15693 ACCEPT
{
	context = trusted;
	role = FRIENDLY_READERS;
	tags = @MY_TAGS;
	query = { command = INVENTORY; };
};

# We deny friendly readers to do queries on our secret tags
rule P15693 DENY
{
	context = *;
	role = *;
	tags = @SECRET_TAGS;
};

# We allow trusted readers to do queries on our secret tags
rule P15693 ACCEPT
{
	context = {home, private, };
	role = TRUSTED_READERS;
	tags = @SECRET_TAGS;
};

Retrieved from "http://www.rfidguardian.org/index.php/RFID_Guardian_ACL"

Category: All