From 6afb7ce280e25ff7a11a02c1e7f3cf69af6548c2 Mon Sep 17 00:00:00 2001 From: cantor Date: Tue, 4 May 2004 19:55:56 +0000 Subject: [PATCH] Sync up git-svn-id: https://svn.middleware.georgetown.edu/cpp-sp/trunk@1088 cb58f699-b61c-0410-a6fe-9272a202ed29 --- doc/CREDITS.txt | 13 ++++--- doc/NEWS.txt | 108 ++++++++++++++++++++++++++++++++++++++++++++++---------- doc/README.txt | 2 +- 3 files changed, 100 insertions(+), 23 deletions(-) diff --git a/doc/CREDITS.txt b/doc/CREDITS.txt index 8d57429..dfc6239 100755 --- a/doc/CREDITS.txt +++ b/doc/CREDITS.txt @@ -17,8 +17,8 @@ Shibboleth Implementation Team cantor.2@osu.edu Walter Hoehn - Columbia University - wassa@columbia.edu + The University of Memphis + wassa@memphis.edu Project Management @@ -48,8 +48,13 @@ Thanks to: the initial shibboleth prototype Brian Pittman (WebAssign), Mark Earnest (PSU), James Shvarts (Columbia), - Ryan Muldoon (Wisconsin), John Hopkins (PSU), and David Walker (UCOP); - for much help with testing + Ryan Muldoon (Wisconsin), John Hopkins (PSU), Noah Levitt (Columbia), + and David Walker (UCOP); for much help with testing Dave Dearman (NRCC), for contributing a SQL Data Connector for the AA resolver + + Noah Levitt (Columbia), for simplifying the logging configuration. + + Joel Murphy (Buffalo), for much help with load testing and generally + pushing the software to its limits. diff --git a/doc/NEWS.txt b/doc/NEWS.txt index 0d77b76..a3616dd 100644 --- a/doc/NEWS.txt +++ b/doc/NEWS.txt 
@@ -1,38 +1,110 @@ -3/15/04 +4/30/04 Version 1.2 -This release represents a fully compatible minor update to the Shibboleth 1.0 release, -and is considered to be ready for production use. +This release represents a fully compatible minor update +to the Shibboleth 1.0 release, and is considered to be +ready for production use. -Features and Changes in 1.2 +New features in 1.2 Origin +----------------- -New XML-based configuration format +Multi-federation support. Most origin configuration, +including signing credentials and identifiers, can be +overriden depending on the recipient of the assertions. -Simplified logging configuration +Simplified application architecture. Both origins +and targets now reference each other using a single +identifier called a "provider id". -Enhancements to Attribute Resolver for client-side failover and revamped JDBC connector +The Attribute Authority can be configured to answer +requests with multiple SAML Subject formats, +increasing interoperability with other SAML-based +software. -Support for file-based signing credentials +Signing credentials can now be loaded from a variety +of formats, including those commonly used with OpenSSL. -Per-target handling of NameIdentifiers and credential selection +The origin now validates all requests from 1.2+ targets +against federation metadata. + +Compatibility with 1.1 targets using a "legacy" or +"default" configuration. + +Separate logs are created for errors and transaction +auditing. + +Easier logging configuration. + +Support is included for pulling attribute data from SQL +databases using JDBC. The JDBC Data Connector includes +support for conection pooling and prepared statements. + +Mechanism for throttling requests to the Handle Service. +This improves performance by preventing the server from +becoming saturated with signing requests. Throttle can +be adjusted based for servers with more than two CPUs. 
+ +Support for signatures on all SAML Assertions and +Responses, which allows for more interoperability +with other SAML-based software and profiles. + +Attribute Release Policies can contain match functions +on attribute values. This allows the release of specific +values based on regular expression. + +Support has been added to the Attribute Authority for +using alternate data connectors in the event of a +failure. + +The resolvertest program can now process and enforce +Attribute Release Policies. + +Updated library dependencies, including OpenSAML and XML +Security, with substantial performance improvements when +signing. + +Many important bug fixes Target +----------------- + +New XML-based configuration system supporting runtime +adjustment of many settings and better integration with +supplemental configuration files + +Ability to partition deployment into "Applications" at the +vhost, path, or document level + +"Lazy" sessions allow applications to redirect browser +to initiate a session, allowing content to decide it +needs authentication or attributes at runtime + +Flexible support for multi-federation deployment, including +selection of credentials and authorities based on the request +and the origin site or federation + +Support for more types of key and certificate formats + +Improved pluggability for many aspects of system, including +access control modules -New XML-based configuration format, with full support for mapping of URLs to -distinct "Shibboleth applications" with unique configuration settings +Clearer trace logging and support for a transaction/audit log -Revamped API with XML-based site, trust, revocation, and attribute policy metadata -implementations in pluggable library +Pooling and caching of HTTP and TLS connections to origins -Replacement of static SSL trust configuration with XML-based policy +Support for alternative SAML name formats for intra-enterprise +deployments and better interoperability with SAML products -Bug fixes to 
attribute handling +Support for tailoring attribute query behavior, particularly +non-fatal failure modes for intelligent applications prepared +to deal with missing information -Support for Apache 2.0 has been added +Updated library dependencies, including OpenSAML, Xerces parser, +XML Security, and support for all GCC 3.x compiler versions -Protocol enhancements to support 1.2 origins +Support for Apache 2.0 as well as Apache 1.3 and IIS -Numerous other leaks and bugs fixed +Many important bug fixes diff --git a/doc/README.txt b/doc/README.txt index 5bc1103..5929182 100644 --- a/doc/README.txt +++ b/doc/README.txt @@ -1,4 +1,4 @@ -3/15/04 +4/27/04 Version 1.2 Welcome to Internet2's Shibboleth -- 2.1.4
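Review bot: In the second doc/CREDITS.txt hunk (@@ -48,8 +48,13 @@), the two new entries end with a period ("for simplifying the logging configuration." and "pushing the software to its limits.") while the existing entries in the same list ("for much help with testing", "for the AA resolver") do not, so drop the periods or punctuate the whole list. Noah Levitt (Columbia) is also now credited twice, once in the testing list and once in his own entry; if both credits are intended that is fine, otherwise keep only the logging entry. Separately, the index line shows this text file carrying mode 100755; it does not need the executable bit.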
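Review bot: In the Origin section of the doc/NEWS.txt hunk (@@ -1,38 +1,110 @@), "The origin now validates all requests from 1.2+ targets against federation metadata." is followed directly by the 1.1 compatibility item, and nothing says what validation, if any, applies to requests from 1.1 targets handled under the "legacy" or "default" configuration. Add a sentence stating that explicitly so deployers know what the compatibility mode does and does not check. The hunk also removes "Replacement of static SSL trust configuration with XML-based policy" from the Target list without an equivalent item in the new text; if that change is still part of 1.2 it deserves its own line. Typos to fix in the added lines: "overriden" should be "overridden", "conection pooling" should be "connection pooling", and "Throttle can be adjusted based for servers with more than two CPUs" has a stray "based".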
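Review bot: The doc/README.txt hunk (@@ -1,4 +1,4 @@) sets the date to 4/27/04 while the doc/NEWS.txt hunk in the same patch sets it to 4/30/04, both under "Version 1.2". Use a single release date in both files, or note in one of them why the dates differ.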