-9/1/05
-Version 1.3a
-
-Fix for secadv 20050901
-
-7/15/05
-Version 1.3
-
-See http://shibboleth.internet2.edu for details of this
-new major release.
-
-11/15/04
-Version 1.2.1
-
-This release is a fully compatible minor update
-to the Shibboleth 1.2.1 release. It addesses problems
-and small functional gaps identified since the release
-of the previous version.
-
-New features in 1.2
--------------------
-Support for the target software on Mac OS X
-
-Improved target RequestMap handling of web sites
-running on both http and https.
-
-Bug Fixes
----------
-Target build scripts better detect and handle threading
-and RPC issues.
-
-Variety of target race conditions and exceptions in RPC
-and socket handling.
-
-Bugs in assertion condition handling.
-
-Target RequestMap should ignore query strings.
-
-Fixed the library path in Windows resolvertest batch
-file loader.
-
-Fixed a crash in extkeytool program.
-
-Fixed a file descriptor leak in the IdP.
-
-Fixed a bug that prevented the HS from supporting
-multiple SAML Name Identifier formats.
-
-The attribute resolver now retains the order of attribute
-values obtained from data connectors.
-
-The JDBC Data Connector ignores case when mapping
-sourceName to the attribute name.
-
-Minor udpates to documentation.
-
-Rev'd dependant java libraries (Xerces, Commons Pool,
-Commons DBCP)
-
-
--------
-4/30/04
-Version 1.2
-
-This release represents a fully compatible minor update
-to the Shibboleth 1.0 release, and is considered to be
-ready for production use.
-
-New features in 1.2
-
-Origin
------------------
-
-Multi-federation support. Most origin configuration,
-including signing credentials and identifiers, can be
-overriden depending on the recipient of the assertions.
-
-Simplified application architecture. Both origins
-and targets now reference each other using a single
-identifier called a "provider id".
-
-The Attribute Authority can be configured to answer
-requests with multiple SAML Subject formats,
-increasing interoperability with other SAML-based
-software.
-
-Signing credentials can now be loaded from a variety
-of formats, including those commonly used with OpenSSL.
-
-The origin now validates all requests from 1.2+ targets
-against federation metadata.
-
-Compatibility with 1.1 targets using a "legacy" or
-"default" configuration.
-
-Separate logs are created for errors and transaction
-auditing.
-
-Easier logging configuration.
-
-Support is included for pulling attribute data from SQL
-databases using JDBC. The JDBC Data Connector includes
-support for conection pooling and prepared statements.
-
-Mechanism for throttling requests to the Handle Service.
-This improves performance by preventing the server from
-becoming saturated with signing requests. Throttle can
-be adjusted based for servers with more than two CPUs.
-
-Support for signatures on all SAML Assertions and
-Responses, which allows for more interoperability
-with other SAML-based software and profiles.
-
-Attribute Release Policies can contain match functions
-on attribute values. This allows the release of specific
-values based on regular expression.
-
-Support has been added to the Attribute Authority for
-using alternate data connectors in the event of a
-failure.
-
-The resolvertest program can now process and enforce
-Attribute Release Policies.
-
-Updated library dependencies, including OpenSAML and XML
-Security, with substantial performance improvements when
-signing.
-
-Many important bug fixes
-
-
-Target
------------------
-
-New XML-based configuration system supporting runtime
-adjustment of many settings and better integration with
-supplemental configuration files
-
-Ability to partition deployment into "Applications" at the
-vhost, path, or document level
-
-"Lazy" sessions allow applications to redirect browser
-to initiate a session, allowing content to decide it
-needs authentication or attributes at runtime
-
-Flexible support for multi-federation deployment, including
-selection of credentials and authorities based on the request
-and the origin site or federation
-
-Support for more types of key and certificate formats
-
-Improved pluggability for many aspects of system, including
-access control modules
-
-Clearer trace logging and support for a transaction/audit log
-
-Pooling and caching of HTTP and TLS connections to origins
-
-Support for alternative SAML name formats for intra-enterprise
-deployments and better interoperability with SAML products
-
-Support for tailoring attribute query behavior, particularly
-non-fatal failure modes for intelligent applications prepared
-to deal with missing information
-
-Updated library dependencies, including OpenSAML, Xerces parser,
-XML Security, and support for all GCC 3.x compiler versions
-
-Support for Apache 2.0 as well as Apache 1.3 and IIS
-
-Many important bug fixes