= 0.2.4 = 2013-0Y-0Y * Included compress/decompress from libZ to make abac_encode_string() and abac_decode_string() more space conscious * Expanded '?This' from just principal type to any other valid type when accepting RT2 syntax * Added a new attribute_now option to creddy that will take a whole typed attribute policy input string and generate a credential * Changed m64 encoding/decoding to use libstrongswan chunk utility (libstrongswan's IETF_GROUP_ATTR is size limited) * Allow role/oset constraining condition to be linked role or linked oset * Supplemented query processing to work with YAP 6.3 series. There was a change in YAP's result format. * Modularized parts of libabac to plan for enabling threading (more to come) * Added regression test suites for multiple contexts (python_tests/Y_ctxt_Y) * Added support for multiple contexts within a session and enabled context duplication (branch mei_rt2_fix_1) * Moved insertion of ID credentials to ID constructors. This code is going to change in multi-context version because some sanity checks got voided by this change (Jeff) * Updated ax_check_jni.m4, configure.ac and creddy.c for Mac (supplied by Victor) * Took out /usr/local/lib dependency from java regression tests example/example_scripts/java, swig/java (Anddrew) = 0.2.3 = 2013-01-15 * Patched Yap to run on FreeBSD9.1 * Added a configuration check for thread linked perl * Added option to disable the generation of swig/java directory when configured with --disable-java-feature or when jni.h is not found (Ezra) * Added Java libabac regression tests in example_scripts/java * Added Java interface to libabac using JNI generated via SWIG (Remember to take down the context with free_context_now() instead of counting on the destructor, this is to avoid the threading problem in libstrongswan when it got GC'ed prematurely by Java, see swig/java/ProverTest.java) * Added default partial proof generation upon fact query failure * Added new python attribute and id example tests for the new api calls * Added a new Attribute api call, ABAC::Attribute::Attribute_chunk, creating Attribute from a certificate chunk (Ezra) * Added a new ID api call, ABAC::ID::ID_chunk, creating ID from a certificate chunk (Ezra) = 0.2.2 = 2012-09-26 * Remove the self-signing verification check in abac_verifier to allow none self-signing principal credential * Replaced cn extraction code used in libabac with a more generalized method that retrieves the last "CN=" term from the subject line of a principal credential before chopping it out * Added a new API call, next_proof (abac_context_query_again) that can force YAP to backtrack and produce a new solution proof if exists * New performance testing setup under examples directory. Added plotting and graphing scripts * Updated examples directory to use Makefile, added performance testing setup, plotting scripts, and graphing scripts * Added support for accepting encrypted private key with passphrase for principal credential creation and for attribute rule creation * API is expanded to allow specifying private key file and passphrase file * creddy attribute and generate options are expanded to accept a specific private key and allowing passphrase option * a new keycheck option is added to creddy to do access check on a key file (encrypted and none encrypted) * added encryption/passphrase examples * migrate the sample scripts that used to be under swig directory to examples directory and setup as part of regression test suite * add examples for timing/performance runs * change the proof buffer allocation to YAP_AllocSpaceFromYap and sizing the buffer repeatedly and progressively if the initial size is too small * tested with Yap 6.2.3 but not required = 0.2.1 = 2012-07-06 * The API visible to programmers is much richer and should make development simpler. As part of this, the libcreddy/libabac distinction has disappeared. All libcreddy functions are now available through libabac. * updated to use strongswan 4.6.4. Strongswan 4.4.0 had become very outdated. * Added more examples and documentation. * add a new '--subject-link' option to creddy --attribute to hold the linking role * add --dbdump option to abac_prover_yap to retrieve all prolog clauses stored in the db WARNING - There are occasional spurious error messages originated from Strongswan during access of the attribute credentials. Those messages are due to libstrongswan mishandling certain values of authorizedKeyIdentifier in a non-destructive way. While we are working with the strongswan developers to remove these messages, they should not affect ABAC in any way. Here are sample messages: L6 - keyIdentifier: length of ASN.1 object invalid or too large L6 - authorityCertSerialNumber: length of ASN.1 object invalid or too large Do report to us if your ABAC is not behaving as expected and messages like above seem to be a factor.. = 0.2.0 = 2012-02-27 * '''API-breaking change''': libcreddy ID and attribute cert creation validity periods are now measured in seconds * significant performance improvements on Linux, see [source:doc/INSTALL] for configure flags * [CredPrinterDocs credential printer] * several bugs and segfaults fixed = 0.1.3 = 2011-03-30 * native Java support * many, many bugfixes = 0.1.2 = 2010-10-01 * libcreddy extracted * credddy rewritten to use libcreddy * sample code for libcreddy in python = 0.1.1 = 2010-09-17, updated 2010-09-20 * Support for intersection rules * Support for encrypted private keys * Build issues on FreeBSD addressed