[ba6027a] | 1 | = 0.2.2 = |
---|
[7c5d673] | 2 | |
---|
[abf8d5d] | 3 | 2012-09-XX |
---|
[7c5d673] | 4 | |
---|
[db99d8d] | 5 | * Remove the self-signing verification check in abac_verifier for |
---|
| 6 | self-signing certificate |
---|
[6244e28] | 7 | * Replaced cn extraction code used in libabac by a more generalized |
---|
| 8 | method that retrieves the last "CN=" term from the subject line |
---|
| 9 | of a principal credential before chopping it out |
---|
[abf8d5d] | 10 | * Added a new API call, next_proof (abac_context_query_again) that can |
---|
| 11 | force YAP to backtrack and produce a new solution proof if exists |
---|
| 12 | * New performance testing setup under examples directory. Added |
---|
| 13 | plotting and graphing scripts |
---|
| 14 | * Updated examples directory to use Makefile, added performance |
---|
| 15 | testing setup, plotting scripts, and graphing scripts |
---|
[7c5d673] | 16 | * Added support for accepting encrypted private key with passphrase |
---|
| 17 | for principal credential creation and for attribute rule creation |
---|
| 18 | * API is expanded to allow specifying private key file and passphrase |
---|
| 19 | file |
---|
| 20 | * creddy attribute and generate options are expanded to accept |
---|
| 21 | a specific private key and allowing passphrase option |
---|
| 22 | * a new keycheck option is added to creddy to do access check on |
---|
| 23 | a key file (encrypted and none encrypted) |
---|
[abf8d5d] | 24 | * added encryption/passphrase examples |
---|
[7c5d673] | 25 | * migrate the sample scripts that used to be under swig directory to |
---|
| 26 | examples directory and setup as part of regression test suite |
---|
| 27 | * add examples for timing/performance runs |
---|
| 28 | * change the proof buffer allocation to YAP_AllocSpaceFromYap and sizing |
---|
| 29 | the buffer repeatedly and progressively if the initial size is too small |
---|
| 30 | * tested with Yap 6.2.3 but not required |
---|
[ba6027a] | 31 | |
---|
[888df49] | 32 | = 0.2.1 = |
---|
[2efdff5] | 33 | |
---|
[7c5d673] | 34 | 2012-07-06 |
---|
| 35 | |
---|
| 36 | * The API visible to programmers is much richer and should make |
---|
| 37 | development simpler. As part of this, the libcreddy/libabac |
---|
| 38 | distinction has disappeared. All libcreddy functions are now |
---|
| 39 | available through libabac. |
---|
| 40 | * updated to use strongswan 4.6.4. Strongswan 4.4.0 had become very |
---|
| 41 | outdated. |
---|
| 42 | * Added more examples and documentation. |
---|
| 43 | * add a new '--subject-link' option to creddy --attribute to hold the |
---|
| 44 | linking role |
---|
| 45 | * add --dbdump option to abac_prover_yap to retrieve all prolog clauses |
---|
| 46 | stored in the db |
---|
| 47 | |
---|
| 48 | WARNING |
---|
| 49 | - There are occasional spurious error messages originated |
---|
| 50 | from Strongswan during access of the attribute credentials. Those |
---|
| 51 | messages are due to libstrongswan mishandling certain values of |
---|
| 52 | authorizedKeyIdentifier in a non-destructive way. While we are |
---|
| 53 | working with the strongswan developers to remove these messages, they |
---|
| 54 | should not affect ABAC in any way. |
---|
| 55 | |
---|
| 56 | Here are sample messages: |
---|
| 57 | |
---|
| 58 | L6 - keyIdentifier: length of ASN.1 object invalid or too large |
---|
| 59 | L6 - authorityCertSerialNumber: length of ASN.1 object invalid or too large |
---|
| 60 | |
---|
| 61 | Do report to us if your ABAC is not behaving as |
---|
| 62 | expected and messages like above seem to be a factor.. |
---|
| 63 | |
---|
[888df49] | 64 | = 0.2.0 = |
---|
[7c5d673] | 65 | |
---|
| 66 | 2012-02-27 |
---|
| 67 | |
---|
| 68 | * '''API-breaking change''': libcreddy ID and attribute cert creation validity |
---|
| 69 | periods are now measured in seconds |
---|
| 70 | * significant performance improvements on Linux, see [source:doc/INSTALL] for |
---|
| 71 | configure flags |
---|
| 72 | * [CredPrinterDocs credential printer] |
---|
| 73 | * several bugs and segfaults fixed |
---|
[888df49] | 74 | |
---|
| 75 | = 0.1.3 = |
---|
[7c5d673] | 76 | |
---|
| 77 | 2011-03-30 |
---|
| 78 | |
---|
| 79 | * native Java support |
---|
| 80 | * many, many bugfixes |
---|
[888df49] | 81 | |
---|
| 82 | = 0.1.2 = |
---|
[7c5d673] | 83 | |
---|
| 84 | 2010-10-01 |
---|
| 85 | |
---|
| 86 | * libcreddy extracted |
---|
| 87 | * credddy rewritten to use libcreddy |
---|
| 88 | * sample code for libcreddy in python |
---|
[888df49] | 89 | |
---|
| 90 | = 0.1.1 = |
---|
[7c5d673] | 91 | |
---|
| 92 | 2010-09-17, updated 2010-09-20 |
---|
| 93 | |
---|
| 94 | * Support for intersection rules |
---|
| 95 | * Support for encrypted private keys |
---|
| 96 | * Build issues on FreeBSD addressed |
---|
[888df49] | 97 | |
---|
[549656e] | 98 | |
---|