= 0.2.3 = 2012-11-YY * Added java libabac regression tests in example_scripts/java * Added java interface to libabac using JNI generated via SWIG Currently, we are seeing a threading collision with libstrongswan's (strongswan-4.6.4) threads_deinit() where the main_thread becomes NULL (line #476). This new java portion only works if a temporary check is made in strongswan's code base. * Added default partial proof generation upon fact query failure * Added new python attribute and id example tests for the new api calls * Added a new Attribute api call, ABAC::Attribute::Attribute_chunk, creating Attribute from a certificate chunk (Ezra) * Added a new ID api call, ABAC::ID::ID_chunk, creating ID from a certificate chunk(Ezra) = 0.2.2 = 2012-09-26 * Remove the self-signing verification check in abac_verifier to allow none self-signing principal credential * Replaced cn extraction code used in libabac with a more generalized method that retrieves the last "CN=" term from the subject line of a principal credential before chopping it out * Added a new API call, next_proof (abac_context_query_again) that can force YAP to backtrack and produce a new solution proof if exists * New performance testing setup under examples directory. Added plotting and graphing scripts * Updated examples directory to use Makefile, added performance testing setup, plotting scripts, and graphing scripts * Added support for accepting encrypted private key with passphrase for principal credential creation and for attribute rule creation * API is expanded to allow specifying private key file and passphrase file * creddy attribute and generate options are expanded to accept a specific private key and allowing passphrase option * a new keycheck option is added to creddy to do access check on a key file (encrypted and none encrypted) * added encryption/passphrase examples * migrate the sample scripts that used to be under swig directory to examples directory and setup as part of regression test suite * add examples for timing/performance runs * change the proof buffer allocation to YAP_AllocSpaceFromYap and sizing the buffer repeatedly and progressively if the initial size is too small * tested with Yap 6.2.3 but not required = 0.2.1 = 2012-07-06 * The API visible to programmers is much richer and should make development simpler. As part of this, the libcreddy/libabac distinction has disappeared. All libcreddy functions are now available through libabac. * updated to use strongswan 4.6.4. Strongswan 4.4.0 had become very outdated. * Added more examples and documentation. * add a new '--subject-link' option to creddy --attribute to hold the linking role * add --dbdump option to abac_prover_yap to retrieve all prolog clauses stored in the db WARNING - There are occasional spurious error messages originated from Strongswan during access of the attribute credentials. Those messages are due to libstrongswan mishandling certain values of authorizedKeyIdentifier in a non-destructive way. While we are working with the strongswan developers to remove these messages, they should not affect ABAC in any way. Here are sample messages: L6 - keyIdentifier: length of ASN.1 object invalid or too large L6 - authorityCertSerialNumber: length of ASN.1 object invalid or too large Do report to us if your ABAC is not behaving as expected and messages like above seem to be a factor.. = 0.2.0 = 2012-02-27 * '''API-breaking change''': libcreddy ID and attribute cert creation validity periods are now measured in seconds * significant performance improvements on Linux, see [source:doc/INSTALL] for configure flags * [CredPrinterDocs credential printer] * several bugs and segfaults fixed = 0.1.3 = 2011-03-30 * native Java support * many, many bugfixes = 0.1.2 = 2010-10-01 * libcreddy extracted * credddy rewritten to use libcreddy * sample code for libcreddy in python = 0.1.1 = 2010-09-17, updated 2010-09-20 * Support for intersection rules * Support for encrypted private keys * Build issues on FreeBSD addressed