From: cantor Date: Sat, 14 Jul 2007 00:17:24 +0000 (+0000) Subject: Update doc files, add release notes. X-Git-Tag: 2.4~844 X-Git-Url: http://www.project-moonshot.org/gitweb/?a=commitdiff_plain;ds=sidebyside;h=74520a6d3ec90bc5a2c67e48a149a9e757428a5f;p=shibboleth%2Fsp.git Update doc files, add release notes. git-svn-id: https://svn.middleware.georgetown.edu/cpp-sp/trunk@2356 cb58f699-b61c-0410-a6fe-9272a202ed29 --- diff --git a/doc/CREDITS.txt b/doc/CREDITS.txt index 955060f..5b72040 100755 --- a/doc/CREDITS.txt +++ b/doc/CREDITS.txt @@ -6,7 +6,7 @@ Shibboleth Implementation Team Internet2 ndk@internet2.edu - Programming + Design and Programming Derek Atkins IHTFP Consulting, Inc @@ -15,15 +15,35 @@ Shibboleth Implementation Team Scott Cantor The Ohio State University cantor.2@osu.edu - - Howard Gilbert - Yale University - Howard.Gilbert@yale.edu + + Jim Fox + University of Washington + fox@washington.edu Walter Hoehn The University of Memphis wassa@memphis.edu + Chad LaJoie + Georgetown University + lajoie@georgetown.edu + + Derek Morr + Penn State University + dvm105@psu.edu + + Will Norris + USC + wnorris@usc.edu + + Brent Putman + Georgetown University + putmanb@georgetown.edu + + Rod Widdowson + Steading Software, Inc. + rdw@steadingsoftware.com + Project Management RL "Bob" Morgan @@ -63,14 +83,7 @@ Thanks to: Joel Murphy (Buffalo), for much help with load testing and generally pushing the software to its limits. - Derek Morr (PSU) for improving the Crypto Handle Repository. - Vishal Goenka (SunGard SCT) for contributing some useful resolver plugins - Chad La Joie (Georgetown) for lots of helpful patches leading up to the - 1.3 release - - Will Norris (Memphis) for creating the ant IdP install tasks - Ian Young for donating XSLT scripts for converting metadata across Shibboleth versions \ No newline at end of file diff --git a/doc/Makefile.am b/doc/Makefile.am index 7867bab..b95ef27 100644 --- a/doc/Makefile.am +++ b/doc/Makefile.am 
@@ -7,9 +7,9 @@ docfiles = \ INSTALL.txt \ INSTALL-WIN32.txt \ LICENSE.txt \ - NEWS.txt \ NOTICE.txt \ README.txt \ + RELEASE.txt \ OPENSSL.LICENSE \ LOG4CPP.LICENSE \ main.css \ diff --git a/doc/NEWS.txt b/doc/NEWS.txt deleted file mode 100644 index 6b091d7..0000000 --- a/doc/NEWS.txt +++ /dev/null 
@@ -1,171 +0,0 @@ -9/1/05 -Version 1.3a - -Fix for secadv 20050901 - -7/15/05 -Version 1.3 - -See http://shibboleth.internet2.edu for details of this -new major release. - -11/15/04 -Version 1.2.1 - -This release is a fully compatible minor update -to the Shibboleth 1.2.1 release. It addesses problems -and small functional gaps identified since the release -of the previous version. - -New features in 1.2 -------------------- -Support for the target software on Mac OS X - -Improved target RequestMap handling of web sites -running on both http and https. - -Bug Fixes ---------- -Target build scripts better detect and handle threading -and RPC issues. - -Variety of target race conditions and exceptions in RPC -and socket handling. - -Bugs in assertion condition handling. - -Target RequestMap should ignore query strings. - -Fixed the library path in Windows resolvertest batch -file loader. - -Fixed a crash in extkeytool program. - -Fixed a file descriptor leak in the IdP. - -Fixed a bug that prevented the HS from supporting -multiple SAML Name Identifier formats. - -The attribute resolver now retains the order of attribute -values obtained from data connectors. - -The JDBC Data Connector ignores case when mapping -sourceName to the attribute name. - -Minor udpates to documentation. - -Rev'd dependant java libraries (Xerces, Commons Pool, -Commons DBCP) - - -------- -4/30/04 -Version 1.2 - -This release represents a fully compatible minor update -to the Shibboleth 1.0 release, and is considered to be -ready for production use. - -New features in 1.2 - -Origin ------------------ - -Multi-federation support. Most origin configuration, -including signing credentials and identifiers, can be -overriden depending on the recipient of the assertions. - -Simplified application architecture. Both origins -and targets now reference each other using a single -identifier called a "provider id". 
- -The Attribute Authority can be configured to answer -requests with multiple SAML Subject formats, -increasing interoperability with other SAML-based -software. - -Signing credentials can now be loaded from a variety -of formats, including those commonly used with OpenSSL. - -The origin now validates all requests from 1.2+ targets -against federation metadata. - -Compatibility with 1.1 targets using a "legacy" or -"default" configuration. - -Separate logs are created for errors and transaction -auditing. - -Easier logging configuration. - -Support is included for pulling attribute data from SQL -databases using JDBC. The JDBC Data Connector includes -support for conection pooling and prepared statements. - -Mechanism for throttling requests to the Handle Service. -This improves performance by preventing the server from -becoming saturated with signing requests. Throttle can -be adjusted based for servers with more than two CPUs. - -Support for signatures on all SAML Assertions and -Responses, which allows for more interoperability -with other SAML-based software and profiles. - -Attribute Release Policies can contain match functions -on attribute values. This allows the release of specific -values based on regular expression. - -Support has been added to the Attribute Authority for -using alternate data connectors in the event of a -failure. - -The resolvertest program can now process and enforce -Attribute Release Policies. - -Updated library dependencies, including OpenSAML and XML -Security, with substantial performance improvements when -signing. 
- -Many important bug fixes - - -Target ------------------ - -New XML-based configuration system supporting runtime -adjustment of many settings and better integration with -supplemental configuration files - -Ability to partition deployment into "Applications" at the -vhost, path, or document level - -"Lazy" sessions allow applications to redirect browser -to initiate a session, allowing content to decide it -needs authentication or attributes at runtime - -Flexible support for multi-federation deployment, including -selection of credentials and authorities based on the request -and the origin site or federation - -Support for more types of key and certificate formats - -Improved pluggability for many aspects of system, including -access control modules - -Clearer trace logging and support for a transaction/audit log - -Pooling and caching of HTTP and TLS connections to origins - -Support for alternative SAML name formats for intra-enterprise -deployments and better interoperability with SAML products - -Support for tailoring attribute query behavior, particularly -non-fatal failure modes for intelligent applications prepared -to deal with missing information - -Updated library dependencies, including OpenSAML, Xerces parser, -XML Security, and support for all GCC 3.x compiler versions - -Support for Apache 2.0 as well as Apache 1.3 and IIS - -Many important bug fixes diff --git a/doc/README.txt b/doc/README.txt index 427b26f..c23b71b 100644 --- a/doc/README.txt +++ b/doc/README.txt @@ -1,5 +1,5 @@ -June 10, 2007 -Version 2.0alpha1 +July 13, 2007 +Version 2.0alpha2 Welcome to Internet2's Shibboleth diff --git a/doc/RELEASE.txt b/doc/RELEASE.txt new file mode 100644 index 0000000..ee39fe5 --- /dev/null +++ b/doc/RELEASE.txt 
@@ -0,0 +1,85 @@ +Release Notes + +Shibboleth Native SP +2.0alpha2 +7/13/2007 + +Fully Supported (no major changes planned prior to stable release) + +- SAML 1.0, 1.1, 2.0 Single Sign-On + - Shibboleth 1.x request profile + - 1.x POST/Artifact profiles + - 2.0 HTTP-Redirect/POST/POST-SimpleSign/Artifact bindings + +- SAML 1.0, 1.1, 2.0 Attribute Query via Attribute Resolver plugin + - SAML SOAP binding + +- Shibboleth WAYF and SAML DS protocols for IdP Discovery + +- Metadata Providers + - Bulk resolution via local file, or URL with local file backup + - Filtering based on whitelist, blacklist, or signature verification + +- Trust Engines + - Explicit key via metadata and PKIX engines, superset compatible with 1.3 + +- Configurable per-endpoint Security Policy rules + - SAML 1/2 message processing + - Replay and freshness detection + - XML signing + - Simple "blob" signing + - TLS client certificates + +- Client transport authentication to SOAP endpoints + - TLS client certificates + - Basic-Auth + - Digest-Auth + - NTLM + +- Encryption + - All incoming SAML 2 encrypted element types (Assertion, NameID, Attribute) + - Optional outgoing encryption of NameID in requests and responses + +- Attributes + - Decoding and exporting SAML 1 and 2 attributes + - Strings + - Value/scope pairs (legacy and value@scope syntaxes supported) + - NameIDs + +- Attribute Filtering + - Policy language compatible with IdP filtering, except that references + only work within policy files, not across them + - Rules based on, attribute issuer, requester, scope, and value, authentication + method, based on exact string and regular expressions. 
+ - Boolean functions supporting AND, OR, and NOT for use in composing rules + - Wildcard rules allowing all unspecified attributes through with no filtering + +- Assertion Export + - Oversized header replaced with Shib-Assertion-Count and Shib-Assertion-NN headers + containing local URL to fetch SAML assertion using HTTP GET + +- Enhanced Spoofing Detection + - Detects and blocks client headers that would match known attribute headers + +- ODBC Clustering Support + - Only tested against Microsoft SQL Server using MS and FreeDTS ODBC drivers + +------ + +Partially Supported (lightly or untested, probably contain bugs, may change significantly) + +- SAML 2.0 Single Logout and Local-Only Logout + - Full support implemented but untested and unlikely to work + - Race detection to prevent late arriving assertions not yet implemented + - Front channel application notification implemented but intested + - Back channel application notification not yet implemented + +------ + +Not Yet Supported + +- ADFS / WS-Federation Support +- Upgrade installations on Windows +- Migrating 1.3 configuration files + +------ diff --git a/shibboleth.spec.in b/shibboleth.spec.in index 1930de9..88b8e5a 100644 --- a/shibboleth.spec.in +++ b/shibboleth.spec.in @@ -1,7 +1,7 @@ Name: shibboleth Summary: Open source system to enable inter-institutional resource sharing Version: @-VERSION-@ -Release: 1 +Release: 2 #Copyright: Internet2 Group: System Environment/Libraries License: Apache style @@ -159,8 +159,8 @@ restorecon %{_sbindir}/shibd %files -f rpm.filelist %defattr(-,root,root,-) -%doc _docs/CREDITS.txt _docs/NOTICE.txt _docs/NEWS.txt _docs/logo.jpg -%doc _docs/main.css _docs/README.txt _docs/LICENSE.txt +%doc _docs/CREDITS.txt _docs/LICENSE.txt _docs/NOTICE.txt _docs/README.txt _docs/RELEASE.txt +%doc _docs/logo.jpg _docs/main.css %{_sbindir}/shibd %{_sbindir}/siterefresh %{_bindir}/samlquery 
@@ -192,6 +192,12 @@ restorecon %{_sbindir}/shibd %{_sysconfdir}/selinux/targeted/src/policy/domains/program/*.te %changelog +* Fri Jul 13 2007 Scott Cantor - 2.0-2 +- Second alpha release + +* Sun Jun 10 2007 Scott Cantor - 2.0-1 +- First alpha release + * Mon Oct 2 2006 Scott Cantor - 1.3-11 - Applied fix for secadv 20061002 - Fix for metadata loader loop
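Review bot: in doc/CREDITS.txt the second hunk removes the Howard Gilbert entry from the team list without moving it to "Thanks to:", unlike the Derek Morr, Chad La Joie and Will Norris credits, which leave "Thanks to:" in the third hunk and reappear in the team list. If the removal is intentional, say so in the commit message, which currently reads only "Update doc files, add release notes." The added entry is spelled "Chad LaJoie" while the removed line had "Chad La Joie", so confirm which is right. The file also still ends with "\ No newline at end of file" and is tracked as mode 100755, which a text file does not need.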
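Review bot: deleting doc/NEWS.txt removes the 1.3a entry "Fix for secadv 20050901" from the installed documentation, and the new doc/RELEASE.txt describes only 2.0alpha2 with no history section. Deployers who check the shipped docs to see which advisories a build covers lose that reference. Consider keeping the old entries under a history heading in RELEASE.txt, or adding a line that points to where past security advisories are listed.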
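Review bot: doc/RELEASE.txt has a few text errors worth fixing before it ships: "implemented but intested" should be "untested", "FreeDTS ODBC drivers" looks like a typo for FreeTDS, and "Rules based on, attribute issuer" has a stray comma. Under Single Logout, "Full support implemented but untested and unlikely to work" contradicts itself; "Implemented but untested" would say what is meant. Since the Attribute Filtering section lists "Wildcard rules allowing all unspecified attributes through with no filtering" as fully supported, it would also help to state whether that is the default policy or something a deployer has to opt into.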
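Review bot: in shibboleth.spec.in, the changelog entry "2.0-2 - Second alpha release" together with "Release: 2" uses the RPM release number to count alphas, so the package version-release does not mark the build as a pre-release. If the stable build is later packaged as 2.0 with "Release: 1", rpm will order it below this alpha and will not upgrade to it. Consider a release string that sorts before the final one (for example a 0.x style prefix for pre-releases) or note the planned numbering in the changelog. The %doc change itself is consistent with doc/Makefile.am: NEWS.txt is dropped and RELEASE.txt added in both places.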