Previous Versions: - Changed the Attribute Service to issue attributes with configurable names (as opposed to the same fixed attribute name). - Changed the Attribute Service API to support both string-based simple attributes, and (group,role) complex attributes - Removed all code related to parse attribute strings into (group,role) pairs - Inserted example code to query Authorization Services deployed at ESG-JPL and ESG-PCMDI Gateways - Merged with contributions from BADC - Repackaged from "esg.saml" to "esg.security" - Repackaged "esg.security.auth" to "esg.security.authn" Note that the above changes alter the API of the SAMLAttributes interface, and consequently of the SAMLAttributesFactory interface: any implementation of the factory interface must now generate attributes that have both a name and a value, either as simple strings or as (group,role) pairs. - Added BSD Open Source License - Changed log file name to avoid possible conflicts with other applications - Moved configuration files to module specific directory: esg/saml/config. - Upgraded dependencies to latest version of OpenSAML libraries (i.e. opensaml, openws and xmltooling jars) - Removed warnings due to obsolete Xerces and SAML libraries. - Implementation of optional white-listing for Attribute and Authorization Services - Changed versioning schema to include datanode schema at the beginning - Moved utils subpackage to esg.security.utils 1.0.2 - Changed versioning number 1.1.0 Provided stub implementations of PolicyService, RegistryService, AttributeService and AuthorizationService that are backed up by local XML files. Version 1.1.1 - Provided web application home page with facility to test the Attribute and Authorization services. Version 1.1.2 - Provided support for freely available resources, using a policy attribute of type "ANY". Version 1.2.0 - Inserted support for database back-ends of Authentication and Authorization services. Version 1.2.1 - Switched to loading properties from esg.properties via ESGF Properties subclass Version 1.2.2 - Switched property names to esgf.host, esgf.https.port Version 1.2.3 - Inserting support for compatibility with legacy system: transform (group,role) pairs into attribute (name, value) pairs. Version 1.2.4 - Inserted policy that allowed free access to all URLs that contain 'esg_dataroot' Version 1.2.8 - Changed level of some log statements. - Inserted debug statement when credentials cannot be loaded from keystore. Version 1.2.9 - Modified the SAMLAttributeFactoryLocalXmlImpl to parse (group,role) attributes out of the sample XML file Version 1.3.0 - Included special factory and configuration file to drive the attribute service from the gateway database - Included functionality for reading registry files produced by ESGF registry Version 1.3.1 - Included support for parsing list of LAS servers IP addresses from las_serevers.xml Version 1.4.0 - Exposed PolicyService to HTTP requests via PolicyServiceController - Introduced Registration Service for access control groups membership Version 1.4.1 - Configuration changes to ESGFregistry.xml and ESGGpolicies.xml Version 1.4.2 - Changed PCMDI endpoint from esg-node3 to pcmdi9 Version 1.4.3 - Changed roles used in ESGFpolicies.xml to be "user", "publisher" (lower case) Version 1.4.4 - Inserted PNNL policy statements - Inserted support for registering with a group that does NOT have automatic approval (user registration is pending). Version 1.4.6 - Inserting polocies for AVISO and REMSS Version 1.4.7 - Inserting support for authorization versus local "wheel" group Version 1.4.9 - Upgrading the registry facility to allow for one or more XML endpoint files Version 1.5.0 - Registry facility supports retrieval of shard endpoints for Solr search Version 1.5.1 - Preserving order of the shards. Version 1.5.2 - Changed the namespace of the shards file. Version 1.5.3 - Moved to using esg_policies.xml and esgf_ats.xml, with security namespace xmlns="http://www.esgf.org/security" Version 1.5.4 - Inserted connection timeout in SOAPServiceClient, to prevent deadlock when remote services are not available. Version 1.5.5 - Changing names of policy files to esgf_policies_local.xml, esgf_policies_common.xml Version 1.5.6 - Switched to apache commons MultiThreadedHttpConnectionManager Version 1.5.7 - Added support (and example) for file esgf_ats_static.xml. Version 2.0.0 - Cleaned up XML configuration for future support of "data-node-only" install - Fixed tests - Inserted support for caching of user attributes - Removed obsolete jar dependency Version 2.0.1 - Made SOAPServiceClient a singleton to prevent multiple instantiations of the underlying Apache HTTP Connection Manager. Version 2.0.2 - Moved example main programs into separate folder. Version 2.1.0 - Increasing socket time out to 10 secs. Version 2.1.2 - Modified registry service to only contain list of unique elements (URLs or strings) Version 2.1.3 - Fixed problem with comparing URLs, which was causing loading of registry information to be slow. Version 2.1.4 - Provided method to manually set the list of shards in the Registry Service Version 2.1.6 - Provided facility in RegistryService to retrieve all attribute types, across the federation. Version 2.1.7 - Forcing reloading of registry file every X minutes. Version 2.1.12 - Inserting federated attribute service Version 2.2.1 -- Inserted facility to resolve user openid into user data.