[Release] Lasso 2.3

- update the NEWS file
 - add abi-2.3 file
 - update DOAP files
 - update lasso website template
 - add temporary message to download pages, as there are no download
   links currently.

NEWS

@@ -1,6 +1,134 @@
 NEWS
 ====
 
+2.3 - July 19th 2010
+--------------------
+
+391 commits, 332 files changed, 13919 insertions, 7137 deletions
+
+So what's new ?
+
+ * Misc:
+	- a public key is no more mandatory for building a LassoProvider
+	- date parsing now conforms to XSD and ISO8601 specification,
+	  especially with respect to milliseconds (they are just ignored, but
+	  parsing do not fails now).
+	- the encryption private key can be loaded with a password (SAMLv2
+	  support only)
+	- keep on replacing direct glib data structure manipulation function by
+	  safer lasso macros.
+	- remove useless verbosity when there is already some error reporting
+	  through method return value.
+	- add a signature_verify_hint parameter to all profiles, which can be
+	  used to specify the policy for verifying signatures. The choices are:
+	  - maybe, i.e. let Lasso decides,
+	  - force, i.e. always verify, even when it is not needed by the spec,
+	  - ignore, i.e. verify, but do not block processing on signature
+	    verifications error.
+	- add a new snippet type: SNIPPET_COLLECT_NAMESPACES, to collect all
+	  declared namespaces in the context of a node. It is needed for
+	  interpreting a string value which depend on the locally declared
+	  namespaces (like XPath queries).
+	- support full syntax for query strings (lasso missed support for
+	  semi-colon separator between query string key-value pairs).
+	- make LassoServer load its public key like LassoProvider
+	- lasso_build_unique_id is now part of the public API
+	- add lasso_profile_sso_role_with to decide on the role we have toward
+	  another provider (depending on the Identity, the Session or the
+	  Server object in this order).
+	- add a lasso_node_debug method wich output a human friendly dump (i.e.
+	  indented) of a serialized LassoNode, contrary to dump which returns a
+	  computer friendly one (dump will conserve signature values, not
+	  debug).
+
+ * SAMLv2:
+	- constraint on the number of SessionIndex value in a LogoutRequest was
+	  worked-around (see
+	  lasso_samlp2_logout_request_get/set_session_indexes)
+	- full support for encrypted signing key (ID-FFv1.2 is coming in next
+	  release)
+	- The treatment of assertions consumer endpoints metadata was improved to be
+	  what the specification says, i.e find the best default.
+	- lasso_assertion_query_build_request_msg now properly initialize the Subject
+	  of the query from all possibles sources (first profile->nameIdentifier, then
+	  from the identity dump and finally from the session).
+	- when a parsed Assertion contains a signature, we return the
+	  original_xmlnode instead of serializing the LassoNode content when
+	  calling lasso_node_get_xmlNode. This is in order to keep canonical
+	  representation of signed assertions. The result is that parsed and
+	  signed assertions should be considered read-only with respect to
+	  serialization.
+	- lasso_login_build_assertion no longer initialize sessionNotOnOrAfter,
+	  it must be done explicitely by the IdP implementation. Only the
+	  assertion lifetime is set by the arguments.
+	- when loading metadata for a provider, we verify that a role
+	  descriptor exists for the prescribed role: i.e if you do
+	  server.addProvider(lasso.PROVIDER_ROLE_SP, "metadata.xml"), lasso
+	  checks that the metadata contain a descriptor for the role "SPSSO".
+	- new helper methods to manipulate and check conditions on
+	  SAMLv2 assertions.
+	- move strings to their own header (but keep retro-compatibility
+	  through inclusion in xml/strings.h).
+
+ * Bindings:
+	- improve general use of bindings/utils.py module inside the bindings
+	  to share type matching logic.
+
+ * Python binding:
+	- Glib warning are tunneled through python logging API
+	- camelcasing of uppercase starting fields for python and java bindings has
+	  been fixed, old orthograph has been also kept for compatibility. The problem
+	  could be seen on LassoAssertion object where the field ID was renamed iD
+	  which was difficult to guess.
+	- node class now supports pickling by leveraging existing XML
+	  serialization. It posseses the same limitations as the existing XML
+	  serialization, for example serializing a LassProfile is not an
+	  idempotent operation, it will miss the server, identity and session
+	  fields.
+	- empty GList now return an empty tuple, not None (it fixes a lot
+	  list traversal codes)
+	- do not forget to emit 'pass' in declaration of class without any
+	  content (no method, no field, no constructor)
+	- the code to emit 'freeing' code for values was factorized and improved.
+	- for empty lists returns an empty pyhon list, not None.
+
+ * Perl binding:
+	- support for out parameters was added.
+	- better memory freeing
+
+ * Java binding:
+	- finished exception support for error returning methods.
+	- optimize the makefile for file listing generation
+	- for NULL GList returns an empty ArrayList object, not null.
+
+ * Documentation:
+	- add examples to LassoLogout documentation
+	- fix missing or deprecated methods in lasso-sections.txt
+	- document LassoIdWsf2Profile methods
+	- document runtime flags
+
+ * Tests:
+	- new macros to help in testing (see tests/tests.h), they also make
+	  better error reporting (when comparing values, they show the expected
+	  and the obtained value).
+	- SAMLv2 AuthnRequest through HTTP-Artifact binding is tested
+	- SAMLv2 LogoutRequest with multiple SessionIndex is tested
+	- force C locale for integration test (we match UI strings, so it is
+	  needed).
+	- SAMLv2, test websso with encrypted private keys (idp and sp side)
+	- SAMLv2, add a python test for attribute authority
+
+ * ID-WSF 2.0:
+	- constant strings were moved to their own header
+	  (lasso/xml/id-wsf-2.0/idwsf2_strings.h)
+	- add helper method to retrieve the bootstrap EPR from an assertion and
+	  to mint assertion to use as WS-Security tokens.
+	- add method lasso_idwsf2_data_service_get_query_item_result_content to
+	  retrieve DST query result as text
+	- sign SAMLv2 assertion used as WS-Security tokens
+
+And many minor bug-fixes...
+
 2.2.91 - January 26th 2010
 --------------------------
 

configure.ac

@@ -15,7 +15,7 @@ dnl - Second number is the number of supported API versions where API version >
 dnl   first number.
 dnl - Third number is the current API version implementation version number.
 dnl See libtool explanations about current, age and release, later in this file.
-AC_INIT([lasso], 2.2.91, lasso-devel@lists.labs.libre-entreprise.org)
+AC_INIT([lasso], 2.3, lasso-devel@lists.labs.libre-entreprise.org)
 dnl Check if autoconf ver > 2.53
 AC_PREREQ(2.53)
 AC_CONFIG_MACRO_DIR([m4])

lasso.doap

@@ -61,6 +61,10 @@
       </SVNRepository>
     </repository>
     <release>
+      <Version>
+        <created>2010-07-19</created>
+        <revision>2.3</revision>
+      </Version>
       <Version>
         <created>2010-01-26</created>
         <revision>2.2.91</revision>

website/templates/base.ezt

@@ -37,8 +37,8 @@
 <div id="download">
  <h2>Download</h2>
  <p>
-  The most recent version of Lasso is <strong>2.2.91</strong> and was
-  release on January 26th 2010.
+  The most recent version of Lasso is <strong>2.3</strong> and was
+  release on July 19th 2010.
  </p>
  <h3>Binary packages</h3>
  <p>
@@ -47,8 +47,7 @@
  </p>
  <h3>Source</h3>
  <p>
-  <li><a href="http://labs.libre-entreprise.org/frs/download.php/765/lasso-2.2.91.tar.gz">.tar.gz</a></li>
-  <li><a href="https://dev.entrouvert.org/projects/lasso/repository">Subversion Repository</a></li>
+   <li>Wait for 2.3 updates of download links...</li>
  </p>
 </div>
 [end]

website/web/doap.rdf

@@ -61,6 +61,10 @@
       </SVNRepository>
     </repository>
     <release>
+      <Version>
+        <created>2010-07-19</created>
+        <revision>2.3</revision>
+      </Version>
       <Version>
         <created>2010-01-26</created>
         <revision>2.2.91</revision>

website/web/download/index.xml

@@ -10,8 +10,7 @@
 	<p>
 	  Lasso is licensed under the GNU GPL and the latest release
 	  is available here as a gzipped tarball:
-	  <a
-	  href="http://labs.libre-entreprise.org/frs/download.php/765/lasso-2.2.91.tar.gz">lasso-2.2.91.tar.gz</a>
+	  <a href="">Wait for update of 2.3 release sources...</a>
 	</p>
 
 	<h2>Binary Downloads</h2>
@@ -25,14 +24,14 @@
 	</p>
 	 
 	<p>
-	  Additionnaly there are <i>sarge</i> packages and there may be more
+		Additionnaly there are <i>lenny</i> abd <i>karmic</i> packages and there may be more
 	  uptodate packages available in our local apt repository.  Pick the
 	  one appropriate for your distribution:
 	</p>
 
 	<pre>
-deb http://deb.entrouvert.org sarge main
-deb http://deb.entrouvert.org etch main
+deb http://deb.entrouvert.org lenny main
+deb http://deb.entrouvert.org karmic main
 </pre>
 
 	<p>
@@ -42,11 +41,10 @@ deb http://deb.entrouvert.org etch main
 	<ul>
 	 <li>liblasso3: runtime library</li>
 	 <li>liblasso3-dev: C development kit</li>
-	 <li>python2.3-lasso: Python 2.3 bindings</li>
-	 <li>php4-lasso: PHP bindings</li>
+	 <li>python-lasso: Python 2.5 & 2.6 bindings</li>
+	 <li>php5-lasso: PHP bindings</li>
 	 <li>liblasso-java: JAVA bindings</li>
-	 <li>liblasso-perl: Perl bindings</li>
-	 <!--<li>liblasso-cil: .NET bindings</li>-->
+	 <li>liblasso3-perl: Perl bindings</li>
 	</ul>
 
 	<p>
@@ -58,8 +56,8 @@ deb http://deb.entrouvert.org etch main
 	<h3>Fedora Core Packages</h3>
 
 	<p>
-	  There are RPM packages built on Fedora Core 6; <strong>they will soon
-	  be updated for 2.2.1 and a newer Fedora</strong>
+	  There are RPM packages built on Fedora Core 6; <strong>beware that
+		  they are from an old release</strong>
 	</p>
 
 	<ul>
@@ -109,6 +107,10 @@ deb http://deb.entrouvert.org etch main
 
 	<pre> svn checkout svn://labs.libre-entreprise.org/svnroot/lasso/trunk lasso </pre>
 
+	<p> We are actively moving to git for future development, the details
+		will be given here. For people who cannot use git, regular
+		tarbal of the trunk will be made. </p>
+
  </body>
 </html>