forked from ESGF/esgf-security
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathCHANGES
150 lines (106 loc) · 5.34 KB
/
CHANGES
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
Previous Versions:
- Changed the Attribute Service to issue attributes with configurable names (as opposed to the same fixed attribute name).
- Changed the Attribute Service API to support both string-based simple attributes, and (group,role) complex attributes
- Removed all code related to parse attribute strings into (group,role) pairs
- Inserted example code to query Authorization Services deployed at ESG-JPL and ESG-PCMDI Gateways
- Merged with contributions from BADC
- Repackaged from "esg.saml" to "esg.security"
- Repackaged "esg.security.auth" to "esg.security.authn"
Note that the above changes alter the API of the SAMLAttributes interface, and consequently of the SAMLAttributesFactory interface:
any implementation of the factory interface must now generate attributes that have both a name and a value, either as simple strings
or as (group,role) pairs.
- Added BSD Open Source License
- Changed log file name to avoid possible conflicts with other applications
- Moved configuration files to module specific directory: esg/saml/config.
- Upgraded dependencies to latest version of OpenSAML libraries (i.e. opensaml, openws and xmltooling jars)
- Removed warnings due to obsolete Xerces and SAML libraries.
- Implementation of optional white-listing for Attribute and Authorization Services
- Changed versioning schema to include datanode schema at the beginning
- Moved utils subpackage to esg.security.utils
1.0.2
- Changed versioning number
1.1.0
Provided stub implementations of PolicyService, RegistryService, AttributeService and AuthorizationService that are backed up by local XML files.
Version 1.1.1
- Provided web application home page with facility to test the Attribute and Authorization services.
Version 1.1.2
- Provided support for freely available resources, using a policy attribute of type "ANY".
Version 1.2.0
- Inserted support for database back-ends of Authentication and Authorization services.
Version 1.2.1
- Switched to loading properties from esg.properties via ESGF Properties subclass
Version 1.2.2
- Switched property names to esgf.host, esgf.https.port
Version 1.2.3
- Inserting support for compatibility with legacy system: transform (group,role) pairs into attribute (name, value) pairs.
Version 1.2.4
- Inserted policy that allowed free access to all URLs that contain 'esg_dataroot'
Version 1.2.8
- Changed level of some log statements.
- Inserted debug statement when credentials cannot be loaded from keystore.
Version 1.2.9
- Modified the SAMLAttributeFactoryLocalXmlImpl to parse (group,role) attributes out of the sample XML file
Version 1.3.0
- Included special factory and configuration file to drive the attribute service from the gateway database
- Included functionality for reading registry files produced by ESGF registry
Version 1.3.1
- Included support for parsing list of LAS servers IP addresses from las_serevers.xml
Version 1.4.0
- Exposed PolicyService to HTTP requests via PolicyServiceController
- Introduced Registration Service for access control groups membership
Version 1.4.1
- Configuration changes to ESGFregistry.xml and ESGGpolicies.xml
Version 1.4.2
- Changed PCMDI endpoint from esg-node3 to pcmdi9
Version 1.4.3
- Changed roles used in ESGFpolicies.xml to be "user", "publisher" (lower case)
Version 1.4.4
- Inserted PNNL policy statements
- Inserted support for registering with a group that does NOT have automatic approval (user registration is pending).
Version 1.4.6
- Inserting polocies for AVISO and REMSS
Version 1.4.7
- Inserting support for authorization versus local "wheel" group
Version 1.4.9
- Upgrading the registry facility to allow for one or more XML endpoint files
Version 1.5.0
- Registry facility supports retrieval of shard endpoints for Solr search
Version 1.5.1
- Preserving order of the shards.
Version 1.5.2
- Changed the namespace of the shards file.
Version 1.5.3
- Moved to using esg_policies.xml and esgf_ats.xml, with security namespace xmlns="http://www.esgf.org/security"
Version 1.5.4
- Inserted connection timeout in SOAPServiceClient, to prevent deadlock when remote services are not available.
Version 1.5.5
- Changing names of policy files to esgf_policies_local.xml, esgf_policies_common.xml
Version 1.5.6
- Switched to apache commons MultiThreadedHttpConnectionManager
Version 1.5.7
- Added support (and example) for file esgf_ats_static.xml.
Version 2.0.0
- Cleaned up XML configuration for future support of "data-node-only" install
- Fixed tests
- Inserted support for caching of user attributes
- Removed obsolete jar dependency
Version 2.0.1
- Made SOAPServiceClient a singleton to prevent multiple instantiations of the underlying Apache HTTP Connection Manager.
Version 2.0.2
- Moved example main programs into separate folder.
Version 2.1.0
- Increasing socket time out to 10 secs.
Version 2.1.2
- Modified registry service to only contain list of unique elements (URLs or strings)
Version 2.1.3
- Fixed problem with comparing URLs, which was causing loading of registry information to be slow.
Version 2.1.4
- Provided method to manually set the list of shards in the Registry Service
Version 2.1.6
- Provided facility in RegistryService to retrieve all attribute types, across the federation.
Version 2.1.7
- Forcing reloading of registry file every X minutes.
Version 2.1.12
- Inserting federated attribute service
Version 2.2.1
-- Inserted facility to resolve user openid into user data.