| 1 | = 0.2.4 = |
|---|
| 2 | |
|---|
| 3 | 2013-0Y-0Y |
|---|
| 4 | * Included compress/decompress from libZ to make |
|---|
| 5 | abac_encode_string() and abac_decode_string() more space |
|---|
| 6 | conscious |
|---|
| 7 | * Expanded '?This' from just principal type to any other valid |
|---|
| 8 | type when accepting RT2 syntax |
|---|
| 9 | * Added a new attribute_now option to creddy that will take |
|---|
| 10 | a whole typed attribute policy input string and generate |
|---|
| 11 | a credential |
|---|
| 12 | * Changed m64 encoding/decoding to use libstrongswan chunk |
|---|
| 13 | utility |
|---|
| 14 | (libstrongswan's IETF_GROUP_ATTR is size limited) |
|---|
| 15 | * Allow role/oset constraining condition to be linked role |
|---|
| 16 | or linked oset |
|---|
| 17 | * Supplemented query processing to work with YAP 6.3 series. |
|---|
| 18 | There was a change in YAP's result format. |
|---|
| 19 | * Modularized parts of libabac to plan for enabling |
|---|
| 20 | threading (more to come) |
|---|
| 21 | * Added regression test suites for multiple contexts |
|---|
| 22 | (python_tests/Y_ctxt_Y) |
|---|
| 23 | * Added support for multiple contexts within a session and |
|---|
| 24 | enabled context duplication |
|---|
| 25 | |
|---|
| 26 | (branch mei_rt2_fix_1) |
|---|
| 27 | * Moved insertion of ID credentials to ID constructors. This |
|---|
| 28 | code is going to change in multi-context version because |
|---|
| 29 | some sanity checks got voided by this change (Jeff) |
|---|
| 30 | * Updated ax_check_jni.m4, configure.ac and creddy.c for Mac |
|---|
| 31 | (supplied by Victor) |
|---|
| 32 | * Took out /usr/local/lib dependency from java regression tests |
|---|
| 33 | example/example_scripts/java, swig/java (Anddrew) |
|---|
| 34 | |
|---|
| 35 | = 0.2.3 = |
|---|
| 36 | |
|---|
| 37 | 2013-01-15 |
|---|
| 38 | * Patched Yap to run on FreeBSD9.1 |
|---|
| 39 | * Added a configuration check for thread linked perl |
|---|
| 40 | * Added option to disable the generation of swig/java directory |
|---|
| 41 | when configured with --disable-java-feature or when jni.h is |
|---|
| 42 | not found (Ezra) |
|---|
| 43 | * Added Java libabac regression tests in example_scripts/java |
|---|
| 44 | * Added Java interface to libabac using JNI generated via SWIG |
|---|
| 45 | (Remember to take down the context with free_context_now() |
|---|
| 46 | instead of counting on the destructor, this is to avoid the |
|---|
| 47 | threading problem in libstrongswan when it got GC'ed |
|---|
| 48 | prematurely by Java, see swig/java/ProverTest.java) |
|---|
| 49 | * Added default partial proof generation upon fact query failure |
|---|
| 50 | * Added new python attribute and id example tests for the new |
|---|
| 51 | api calls |
|---|
| 52 | * Added a new Attribute api call, ABAC::Attribute::Attribute_chunk, |
|---|
| 53 | creating Attribute from a certificate chunk (Ezra) |
|---|
| 54 | * Added a new ID api call, ABAC::ID::ID_chunk, creating ID from a |
|---|
| 55 | certificate chunk (Ezra) |
|---|
| 56 | |
|---|
| 57 | = 0.2.2 = |
|---|
| 58 | |
|---|
| 59 | 2012-09-26 |
|---|
| 60 | |
|---|
| 61 | * Remove the self-signing verification check in abac_verifier to allow |
|---|
| 62 | none self-signing principal credential |
|---|
| 63 | * Replaced cn extraction code used in libabac with a more generalized |
|---|
| 64 | method that retrieves the last "CN=" term from the subject line |
|---|
| 65 | of a principal credential before chopping it out |
|---|
| 66 | * Added a new API call, next_proof (abac_context_query_again) that can |
|---|
| 67 | force YAP to backtrack and produce a new solution proof if exists |
|---|
| 68 | * New performance testing setup under examples directory. Added |
|---|
| 69 | plotting and graphing scripts |
|---|
| 70 | * Updated examples directory to use Makefile, added performance |
|---|
| 71 | testing setup, plotting scripts, and graphing scripts |
|---|
| 72 | * Added support for accepting encrypted private key with passphrase |
|---|
| 73 | for principal credential creation and for attribute rule creation |
|---|
| 74 | * API is expanded to allow specifying private key file and passphrase |
|---|
| 75 | file |
|---|
| 76 | * creddy attribute and generate options are expanded to accept |
|---|
| 77 | a specific private key and allowing passphrase option |
|---|
| 78 | * a new keycheck option is added to creddy to do access check on |
|---|
| 79 | a key file (encrypted and none encrypted) |
|---|
| 80 | * added encryption/passphrase examples |
|---|
| 81 | * migrate the sample scripts that used to be under swig directory to |
|---|
| 82 | examples directory and setup as part of regression test suite |
|---|
| 83 | * add examples for timing/performance runs |
|---|
| 84 | * change the proof buffer allocation to YAP_AllocSpaceFromYap and sizing |
|---|
| 85 | the buffer repeatedly and progressively if the initial size is too small |
|---|
| 86 | * tested with Yap 6.2.3 but not required |
|---|
| 87 | |
|---|
| 88 | = 0.2.1 = |
|---|
| 89 | |
|---|
| 90 | 2012-07-06 |
|---|
| 91 | |
|---|
| 92 | * The API visible to programmers is much richer and should make |
|---|
| 93 | development simpler. As part of this, the libcreddy/libabac |
|---|
| 94 | distinction has disappeared. All libcreddy functions are now |
|---|
| 95 | available through libabac. |
|---|
| 96 | * updated to use strongswan 4.6.4. Strongswan 4.4.0 had become very |
|---|
| 97 | outdated. |
|---|
| 98 | * Added more examples and documentation. |
|---|
| 99 | * add a new '--subject-link' option to creddy --attribute to hold the |
|---|
| 100 | linking role |
|---|
| 101 | * add --dbdump option to abac_prover_yap to retrieve all prolog clauses |
|---|
| 102 | stored in the db |
|---|
| 103 | |
|---|
| 104 | WARNING |
|---|
| 105 | - There are occasional spurious error messages originated |
|---|
| 106 | from Strongswan during access of the attribute credentials. Those |
|---|
| 107 | messages are due to libstrongswan mishandling certain values of |
|---|
| 108 | authorizedKeyIdentifier in a non-destructive way. While we are |
|---|
| 109 | working with the strongswan developers to remove these messages, they |
|---|
| 110 | should not affect ABAC in any way. |
|---|
| 111 | |
|---|
| 112 | Here are sample messages: |
|---|
| 113 | |
|---|
| 114 | L6 - keyIdentifier: length of ASN.1 object invalid or too large |
|---|
| 115 | L6 - authorityCertSerialNumber: length of ASN.1 object invalid or too large |
|---|
| 116 | |
|---|
| 117 | Do report to us if your ABAC is not behaving as |
|---|
| 118 | expected and messages like above seem to be a factor.. |
|---|
| 119 | |
|---|
| 120 | = 0.2.0 = |
|---|
| 121 | |
|---|
| 122 | 2012-02-27 |
|---|
| 123 | |
|---|
| 124 | * '''API-breaking change''': libcreddy ID and attribute cert creation validity |
|---|
| 125 | periods are now measured in seconds |
|---|
| 126 | * significant performance improvements on Linux, see [source:doc/INSTALL] for |
|---|
| 127 | configure flags |
|---|
| 128 | * [CredPrinterDocs credential printer] |
|---|
| 129 | * several bugs and segfaults fixed |
|---|
| 130 | |
|---|
| 131 | = 0.1.3 = |
|---|
| 132 | |
|---|
| 133 | 2011-03-30 |
|---|
| 134 | |
|---|
| 135 | * native Java support |
|---|
| 136 | * many, many bugfixes |
|---|
| 137 | |
|---|
| 138 | = 0.1.2 = |
|---|
| 139 | |
|---|
| 140 | 2010-10-01 |
|---|
| 141 | |
|---|
| 142 | * libcreddy extracted |
|---|
| 143 | * credddy rewritten to use libcreddy |
|---|
| 144 | * sample code for libcreddy in python |
|---|
| 145 | |
|---|
| 146 | = 0.1.1 = |
|---|
| 147 | |
|---|
| 148 | 2010-09-17, updated 2010-09-20 |
|---|
| 149 | |
|---|
| 150 | * Support for intersection rules |
|---|
| 151 | * Support for encrypted private keys |
|---|
| 152 | * Build issues on FreeBSD addressed |
|---|
| 153 | |
|---|
| 154 | |
|---|
