source: doc/ChangeLog @ 2e9455f

mei_rt2
Last change on this file since 2e9455f was 2e9455f, checked in by Mei <mei@…>, 12 years ago

1) added namespace
2) tweak ?This,
3) allowing linking role/oset as constraining conditions
4) adding access_tests regression testing that uses GENI's access policy
5) added couple multi contexts regression tests
6) add compression/uncompression calls to abac_encode_string/abac_decode_string
(libstrongwan only allows 512 char for attribute rule storage)
7) add attribute_now option to creddy that takes a whole char string for attribute
rule

  • Property mode set to 100644
File size: 6.5 KB
RevLine 
[2e9455f]1= 0.2.4 =
2
3    2013-0Y-0Y
4        * Included compress/decompress from libZ to make
5          abac_encode_string() and abac_decode_string() more space
6          conscious
7        * Expanded '?This' from just principal type to any other valid
8          type when accepting RT2 syntax
9        * Added a new attribute_now option to creddy that will take
10          a whole typed attribute policy input string and generate
11          a credential
12        * Changed m64 encoding/decoding to use libstrongswan chunk
13          utility
14          (libstrongswan's IETF_GROUP_ATTR is size limited)
15        * Allow role/oset constraining condition to be linked role
16          or linked oset
17        * Supplemented query processing to work with YAP 6.3 series.
18          There was a change in YAP's result format.
19        * Modularized parts of libabac to plan for enabling
20          threading (more to come)
21        * Added regression test suites for multiple contexts
22          (python_tests/Y_ctxt_Y)
23        * Added support for multiple contexts within a session and
24          enabled context duplication
25
26    (branch mei_rt2_fix_1)
27        * Moved insertion of ID credentials to ID constructors. This
28          code is going to change in multi-context version because
29          some sanity checks got voided by this change (Jeff) 
30        * Updated ax_check_jni.m4, configure.ac and creddy.c for Mac
31          (supplied by Victor)
32        * Took out /usr/local/lib dependency from java regression tests
33          example/example_scripts/java, swig/java (Anddrew)
34
[09496b3]35= 0.2.3 =
36
[9f73492]37    2013-01-15
[4f40c3e]38        * Patched Yap to run on FreeBSD9.1
[46df1bc]39        * Added a configuration check for thread linked perl
[09531ca]40        * Added option to disable the generation of swig/java directory
41          when configured with --disable-java-feature or when jni.h is
42          not found (Ezra)
[695abc7]43        * Added Java libabac regression tests in example_scripts/java
44        * Added Java interface to libabac using JNI generated via SWIG
[e3c7769]45          (Remember to take down the context with free_context_now()
46          instead of counting on the destructor, this is to avoid the
47          threading problem in libstrongswan when it got GC'ed
48          prematurely by Java, see swig/java/ProverTest.java)
[646e57e]49        * Added default partial proof generation upon fact query failure
[b8a6fd2a]50        * Added new python attribute and id example tests for the new
51          api calls
52        * Added a new Attribute api call, ABAC::Attribute::Attribute_chunk,
53          creating Attribute from a certificate chunk (Ezra)
54        * Added a new ID api call, ABAC::ID::ID_chunk, creating ID from a
[e3c7769]55          certificate chunk (Ezra)
[09496b3]56
[ba6027a]57= 0.2.2 =
[7c5d673]58
[c67bfa3]59     2012-09-26
[7c5d673]60
[c67bfa3]61        * Remove the self-signing verification check in abac_verifier to allow
62          none self-signing principal credential
63        * Replaced cn extraction code used in libabac with a more generalized
[6244e28]64          method that retrieves the last "CN=" term from the subject line
65          of a principal credential before chopping it out
[abf8d5d]66        * Added a new API call, next_proof (abac_context_query_again) that can
67          force YAP to backtrack and produce a new solution proof if exists
68        * New performance testing setup under examples directory. Added
69          plotting and graphing scripts
70        * Updated examples directory to use Makefile, added performance
71          testing setup, plotting scripts, and graphing scripts
[7c5d673]72        * Added support for accepting encrypted private key with passphrase
73          for principal credential creation and for attribute rule creation
74        * API is expanded to allow specifying private key file and passphrase
75          file
76        * creddy attribute and generate options are expanded to accept
77          a specific private key and allowing passphrase option
78        * a new keycheck option is added to creddy to do access check on
79          a key file (encrypted and none encrypted)
[abf8d5d]80        * added encryption/passphrase examples
[7c5d673]81        * migrate the sample scripts that used to be under swig directory to
82          examples directory and setup as part of regression test suite
83        * add examples for timing/performance runs
84        * change the proof buffer allocation to YAP_AllocSpaceFromYap and sizing
85          the buffer repeatedly and progressively if the initial size is too small
86        * tested with Yap 6.2.3 but not required
[ba6027a]87
[888df49]88= 0.2.1 =
[2efdff5]89
[7c5d673]90     2012-07-06
91 
92        * The API visible to programmers is much richer and should make
93          development simpler.  As part of this, the libcreddy/libabac
94          distinction has disappeared.  All libcreddy functions are now
95          available through libabac.
96        * updated to use strongswan 4.6.4.  Strongswan 4.4.0 had become very
97          outdated.
98        * Added more examples and documentation.
99        * add a new '--subject-link' option to creddy --attribute to hold the
100          linking role
101        * add --dbdump option to abac_prover_yap to retrieve all prolog clauses
102          stored in the db
103       
104       WARNING
105       - There are occasional spurious error messages originated
106         from Strongswan during access of the attribute credentials.  Those
107         messages are due to libstrongswan mishandling certain values of
108         authorizedKeyIdentifier in a non-destructive way.  While we are
109         working with the strongswan developers to remove these messages, they
110         should not affect ABAC in any way.
111       
112         Here are sample messages:
113       
114         L6 - keyIdentifier:  length of ASN.1 object invalid or too large
115         L6 - authorityCertSerialNumber:  length of ASN.1 object invalid or too large
116       
117         Do report to us if your ABAC is not behaving as
118         expected and messages like above seem to be a factor..
119       
[888df49]120= 0.2.0 =
[7c5d673]121
122     2012-02-27
123
124        * '''API-breaking change''': libcreddy ID and attribute cert creation validity
125          periods are now measured in seconds
126        * significant performance improvements on Linux, see [source:doc/INSTALL] for
127          configure flags
128        * [CredPrinterDocs credential printer]
129        * several bugs and segfaults fixed
[888df49]130
131= 0.1.3 =
[7c5d673]132
133     2011-03-30
134
135        * native Java support
136        * many, many bugfixes
[888df49]137
138= 0.1.2 =
[7c5d673]139
140     2010-10-01
141
142        * libcreddy extracted
143        * credddy rewritten to use libcreddy
144        * sample code for libcreddy in python
[888df49]145
146= 0.1.1 =
[7c5d673]147
148     2010-09-17, updated 2010-09-20
149
150        * Support for intersection rules
151        * Support for encrypted private keys
152        * Build issues on FreeBSD addressed
[888df49]153
[549656e]154
Note: See TracBrowser for help on using the repository browser.