-6/1/03
-Version 1.0
+9/1/05
+Version 1.3a
-This is the fourth major public release of code for the Shibboleth project,
-and the first to be considered ready for production use.
+Fix for secadv 20050901
-Features and Changes
+7/15/05
+Version 1.3
+
+See http://shibboleth.internet2.edu for details of this
+new major release.
+
+11/15/04
+Version 1.2.1
+
+This release is a fully compatible minor update
+to the Shibboleth 1.2.1 release. It addesses problems
+and small functional gaps identified since the release
+of the previous version.
+
+New features in 1.2
+-------------------
+Support for the target software on Mac OS X
+
+Improved target RequestMap handling of web sites
+running on both http and https.
+
+Bug Fixes
+---------
+Target build scripts better detect and handle threading
+and RPC issues.
+
+Variety of target race conditions and exceptions in RPC
+and socket handling.
+
+Bugs in assertion condition handling.
+
+Target RequestMap should ignore query strings.
+
+Fixed the library path in Windows resolvertest batch
+file loader.
+
+Fixed a crash in extkeytool program.
+
+Fixed a file descriptor leak in the IdP.
+
+Fixed a bug that prevented the HS from supporting
+multiple SAML Name Identifier formats.
+
+The attribute resolver now retains the order of attribute
+values obtained from data connectors.
+
+The JDBC Data Connector ignores case when mapping
+sourceName to the attribute name.
+
+Minor udpates to documentation.
+
+Rev'd dependant java libraries (Xerces, Commons Pool,
+Commons DBCP)
+
+
+-------
+4/30/04
+Version 1.2
+
+This release represents a fully compatible minor update
+to the Shibboleth 1.0 release, and is considered to be
+ready for production use.
+
+New features in 1.2
Origin
+-----------------
+
+Multi-federation support. Most origin configuration,
+including signing credentials and identifiers, can be
+overriden depending on the recipient of the assertions.
+
+Simplified application architecture. Both origins
+and targets now reference each other using a single
+identifier called a "provider id".
+
+The Attribute Authority can be configured to answer
+requests with multiple SAML Subject formats,
+increasing interoperability with other SAML-based
+software.
+
+Signing credentials can now be loaded from a variety
+of formats, including those commonly used with OpenSSL.
+
+The origin now validates all requests from 1.2+ targets
+against federation metadata.
+
+Compatibility with 1.1 targets using a "legacy" or
+"default" configuration.
+
+Separate logs are created for errors and transaction
+auditing.
+
+Easier logging configuration.
+
+Support is included for pulling attribute data from SQL
+databases using JDBC. The JDBC Data Connector includes
+support for conection pooling and prepared statements.
-New OpenSAML jarfile (see OpenSAML NEWS file)
+Mechanism for throttling requests to the Handle Service.
+This improves performance by preventing the server from
+becoming saturated with signing requests. Throttle can
+be adjusted based for servers with more than two CPUs.
-Rewritten Attribute Resolver system in AA to support easy
-addition of attributes at runtime, and simpler development
-of alternate attribute sources using Java.
+Support for signatures on all SAML Assertions and
+Responses, which allows for more interoperability
+with other SAML-based software and profiles.
-Bug fixes to attribute-specific queries
+Attribute Release Policies can contain match functions
+on attribute values. This allows the release of specific
+values based on regular expression.
-Support for SAML authentication method
+Support has been added to the Attribute Authority for
+using alternate data connectors in the event of a
+failure.
+
+The resolvertest program can now process and enforce
+Attribute Release Policies.
+
+Updated library dependencies, including OpenSAML and XML
+Security, with substantial performance improvements when
+signing.
+
+Many important bug fixes
Target
+-----------------
+
+New XML-based configuration system supporting runtime
+adjustment of many settings and better integration with
+supplemental configuration files
+
+Ability to partition deployment into "Applications" at the
+vhost, path, or document level
+
+"Lazy" sessions allow applications to redirect browser
+to initiate a session, allowing content to decide it
+needs authentication or attributes at runtime
+
+Flexible support for multi-federation deployment, including
+selection of credentials and authorities based on the request
+and the origin site or federation
+
+Support for more types of key and certificate formats
+
+Improved pluggability for many aspects of system, including
+access control modules
-Revamped security layer with XML-based trust metadata
+Clearer trace logging and support for a transaction/audit log
-Support for runtime refreshing of metadata from multiple sources
+Pooling and caching of HTTP and TLS connections to origins
-Command-line tool to download and verify metadata files
+Support for alternative SAML name formats for intra-enterprise
+deployments and better interoperability with SAML products
-Bug fixes to attribute handling
+Support for tailoring attribute query behavior, particularly
+non-fatal failure modes for intelligent applications prepared
+to deal with missing information
-Support for contact information in error pages
+Updated library dependencies, including OpenSAML, Xerces parser,
+XML Security, and support for all GCC 3.x compiler versions
-Fixes to handling of Unicode characters
+Support for Apache 2.0 as well as Apache 1.3 and IIS
-Support for alternate session backing stores
-(MySQL version shipped separately due to licensing)
+Many important bug fixes
projects / shibboleth / sp.git / blobdiff