1 | |
---|
2 | = 0.2.3.1 = |
---|
3 | |
---|
4 | 2013-0X-0X (branch mei_rt2_fix_1) |
---|
5 | * Moved insertion of ID credentials to ID constructors. This |
---|
6 | code is going to change in multi-context version because |
---|
7 | some sanity checks got voided by this change (Jeff) |
---|
8 | * Updated ax_check_jni.m4, configure.ac and creddy.c for Mac |
---|
9 | (supplied by Victor) |
---|
10 | * Took out /usr/local/lib from example/example_scripts/java, |
---|
11 | swig/java (Anddrew) |
---|
12 | |
---|
13 | = 0.2.3 = |
---|
14 | |
---|
15 | 2013-01-15 |
---|
16 | * Patched Yap to run on FreeBSD9.1 |
---|
17 | * Added a configuration check for thread linked perl |
---|
18 | * Added option to disable the generation of swig/java directory |
---|
19 | when configured with --disable-java-feature or when jni.h is |
---|
20 | not found (Ezra) |
---|
21 | * Added Java libabac regression tests in example_scripts/java |
---|
22 | * Added Java interface to libabac using JNI generated via SWIG |
---|
23 | (Remember to take down the context with free_context_now() |
---|
24 | instead of counting on the destructor, this is to avoid the |
---|
25 | threading problem in libstrongswan when it got GC'ed |
---|
26 | prematurely by Java, see swig/java/ProverTest.java) |
---|
27 | * Added default partial proof generation upon fact query failure |
---|
28 | * Added new python attribute and id example tests for the new |
---|
29 | api calls |
---|
30 | * Added a new Attribute api call, ABAC::Attribute::Attribute_chunk, |
---|
31 | creating Attribute from a certificate chunk (Ezra) |
---|
32 | * Added a new ID api call, ABAC::ID::ID_chunk, creating ID from a |
---|
33 | certificate chunk (Ezra) |
---|
34 | |
---|
35 | = 0.2.2 = |
---|
36 | |
---|
37 | 2012-09-26 |
---|
38 | |
---|
39 | * Remove the self-signing verification check in abac_verifier to allow |
---|
40 | none self-signing principal credential |
---|
41 | * Replaced cn extraction code used in libabac with a more generalized |
---|
42 | method that retrieves the last "CN=" term from the subject line |
---|
43 | of a principal credential before chopping it out |
---|
44 | * Added a new API call, next_proof (abac_context_query_again) that can |
---|
45 | force YAP to backtrack and produce a new solution proof if exists |
---|
46 | * New performance testing setup under examples directory. Added |
---|
47 | plotting and graphing scripts |
---|
48 | * Updated examples directory to use Makefile, added performance |
---|
49 | testing setup, plotting scripts, and graphing scripts |
---|
50 | * Added support for accepting encrypted private key with passphrase |
---|
51 | for principal credential creation and for attribute rule creation |
---|
52 | * API is expanded to allow specifying private key file and passphrase |
---|
53 | file |
---|
54 | * creddy attribute and generate options are expanded to accept |
---|
55 | a specific private key and allowing passphrase option |
---|
56 | * a new keycheck option is added to creddy to do access check on |
---|
57 | a key file (encrypted and none encrypted) |
---|
58 | * added encryption/passphrase examples |
---|
59 | * migrate the sample scripts that used to be under swig directory to |
---|
60 | examples directory and setup as part of regression test suite |
---|
61 | * add examples for timing/performance runs |
---|
62 | * change the proof buffer allocation to YAP_AllocSpaceFromYap and sizing |
---|
63 | the buffer repeatedly and progressively if the initial size is too small |
---|
64 | * tested with Yap 6.2.3 but not required |
---|
65 | |
---|
66 | = 0.2.1 = |
---|
67 | |
---|
68 | 2012-07-06 |
---|
69 | |
---|
70 | * The API visible to programmers is much richer and should make |
---|
71 | development simpler. As part of this, the libcreddy/libabac |
---|
72 | distinction has disappeared. All libcreddy functions are now |
---|
73 | available through libabac. |
---|
74 | * updated to use strongswan 4.6.4. Strongswan 4.4.0 had become very |
---|
75 | outdated. |
---|
76 | * Added more examples and documentation. |
---|
77 | * add a new '--subject-link' option to creddy --attribute to hold the |
---|
78 | linking role |
---|
79 | * add --dbdump option to abac_prover_yap to retrieve all prolog clauses |
---|
80 | stored in the db |
---|
81 | |
---|
82 | WARNING |
---|
83 | - There are occasional spurious error messages originated |
---|
84 | from Strongswan during access of the attribute credentials. Those |
---|
85 | messages are due to libstrongswan mishandling certain values of |
---|
86 | authorizedKeyIdentifier in a non-destructive way. While we are |
---|
87 | working with the strongswan developers to remove these messages, they |
---|
88 | should not affect ABAC in any way. |
---|
89 | |
---|
90 | Here are sample messages: |
---|
91 | |
---|
92 | L6 - keyIdentifier: length of ASN.1 object invalid or too large |
---|
93 | L6 - authorityCertSerialNumber: length of ASN.1 object invalid or too large |
---|
94 | |
---|
95 | Do report to us if your ABAC is not behaving as |
---|
96 | expected and messages like above seem to be a factor.. |
---|
97 | |
---|
98 | = 0.2.0 = |
---|
99 | |
---|
100 | 2012-02-27 |
---|
101 | |
---|
102 | * '''API-breaking change''': libcreddy ID and attribute cert creation validity |
---|
103 | periods are now measured in seconds |
---|
104 | * significant performance improvements on Linux, see [source:doc/INSTALL] for |
---|
105 | configure flags |
---|
106 | * [CredPrinterDocs credential printer] |
---|
107 | * several bugs and segfaults fixed |
---|
108 | |
---|
109 | = 0.1.3 = |
---|
110 | |
---|
111 | 2011-03-30 |
---|
112 | |
---|
113 | * native Java support |
---|
114 | * many, many bugfixes |
---|
115 | |
---|
116 | = 0.1.2 = |
---|
117 | |
---|
118 | 2010-10-01 |
---|
119 | |
---|
120 | * libcreddy extracted |
---|
121 | * credddy rewritten to use libcreddy |
---|
122 | * sample code for libcreddy in python |
---|
123 | |
---|
124 | = 0.1.1 = |
---|
125 | |
---|
126 | 2010-09-17, updated 2010-09-20 |
---|
127 | |
---|
128 | * Support for intersection rules |
---|
129 | * Support for encrypted private keys |
---|
130 | * Build issues on FreeBSD addressed |
---|
131 | |
---|
132 | |
---|