• The API visible to programmers is much richer and should make development simpler. As part of this, the libcreddy/libabac distinction has disappeared. All libcreddy functions are now available through libabac.
  • updated to use strongswan 4.6.4. Strongswan 4.4.0 had become very outdated.
  • Added more examples and documentation.
  • add a new '--subject-link' option to creddy --attribute to hold the linking role
  • add --dbdump option to abac_prover_yap to retrieve all prolog clauses stored in the db


  • There are occasional spurious error messages originated from Strongswan during access of the attribute credentials. Those messages are due to libstrongswan mishandling certain values of authorizedKeyIdentifier in a non-destructive way. While we are working with the strongswan developers to remove these messages, they should not affect ABAC in any way.

Here are sample messages:

L6 - keyIdentifier: length of ASN.1 object invalid or too large L6 - authorityCertSerialNumber: length of ASN.1 object invalid or too large

Do report to us if your ABAC is not behaving as expected and messages like above seem to be a factor..



  • API-breaking change: libcreddy ID and attribute cert creation validity periods are now measured in seconds
  • significant performance improvements on Linux, see doc/INSTALL for configure flags
  • credential printer
  • several bugs and segfaults fixed



  • native Java support
  • many, many bugfixes



  • libcreddy extracted
  • credddy rewritten to use libcreddy
  • sample code for libcreddy in python


2010-09-17, updated 2010-09-20

  • Support for intersection rules
  • Support for encrypted private keys
  • Build issues on FreeBSD addressed
Last modified 9 years ago Last modified on Jul 5, 2012 3:42:45 PM