Apache Kerby 1.0.0-RC2 Release Note

["Li, Jiajia" <ji...@intel.com>]

105 JIRA issues were resolved and with the following Features and important changes since 1.0.0-RC1:

1. Anonymous PKINIT support(BETA): allows a client to obtain anonymous credentials without authenticating as any particular principal.
2. PKINIT in RSA case (75%).
3. Finished token support:
    a. Add ability to encrypt and sign using non-RSA keys;
    b. Get the verify key for signed JWT token from kdc config;
    c. Token issuer must be trusted as one of preconfigured issuers;
    d. Add support for decrypting JWT tokens in the KDC.
4. PKIX CMS/X509 support.
5. Full BER encoding support.
6. Improved the ASN1 framework:
    a. Separate Asn1 parser;
    b. Support decoding of primitive but constructed encoded types;
    c. Allow to define explicit and implicit fields more easily for collection types;
　　d. Providing an API to use some useful ASN1 functions by consolidating existing utilities 
7. Dump support for Asn1.
    a. provide an ASN1 dumping tool for troubleshooting
    b. Including built-in ASN1 types and user defined types.
8. Separate KrbClient, KrbTokenClient, and KrbPkinitClient APIs.

RE: Apache Kerby 1.0.0-RC2 Release Note

["Li, Jiajia" <ji...@intel.com>]

Thanks for Kai's suggestion! And I will also update it in website.


105 JIRA issues were resolved and with the following Features and important changes since 1.0.0-RC1:

1. Anonymous PKINIT support(BETA): allows a client to obtain anonymous credentials without authenticating as any particular principal.
2. Finished token support:
    a. Add ability to encrypt and sign using non-RSA keys;
    b. Get the verify key for signed JWT token from kdc config;
    c. Token issuer must be trusted as one of preconfigured issuers;
    d. Add support for decrypting JWT tokens in the KDC.
3. PKIX CMS/X509 support.
4. BER encoding support.
5. Improved the ASN1 framework:
    a. Separate Asn1 parser;
    b. Support decoding of primitive but constructed encoded types;
    c. Allow to define explicit and implicit fields more easily for collection types;
　　d. Providing an API to use some useful ASN1 functions by consolidating existing utilities.
6. Dump support for Asn1.
    a. provide an ASN1 dumping tool for troubleshooting
7. Separate KrbClient, KrbTokenClient, and KrbPkinitClient APIs.



-----Original Message-----
From: Zheng, Kai [mailto:kai.zheng@intel.com] 
Sent: Friday, March 11, 2016 11:11 AM
To: kerby@directory.apache.org
Subject: RE: Apache Kerby 1.0.0-RC2 Release Note

Hi Jiajia,

I'd like to suggest make the following changes to be more accurately. Thanks.

2. PKINIT in RSA case (75%). => remove

5. Full BER encoding support. => remove 'full'

b. Including built-in ASN1 types and user defined types. => remove

Regards,
Kai

-----Original Message-----
From: Li, Jiajia [mailto:jiajia.li@intel.com] 
Sent: Friday, March 11, 2016 9:29 AM
To: kerby@directory.apache.org
Subject: Apache Kerby 1.0.0-RC2 Release Note


105 JIRA issues were resolved and with the following Features and important changes since 1.0.0-RC1:

1. Anonymous PKINIT support(BETA): allows a client to obtain anonymous credentials without authenticating as any particular principal.
2. PKINIT in RSA case (75%).
3. Finished token support:
    a. Add ability to encrypt and sign using non-RSA keys;
    b. Get the verify key for signed JWT token from kdc config;
    c. Token issuer must be trusted as one of preconfigured issuers;
    d. Add support for decrypting JWT tokens in the KDC.
4. PKIX CMS/X509 support.
5. Full BER encoding support.
6. Improved the ASN1 framework:
    a. Separate Asn1 parser;
    b. Support decoding of primitive but constructed encoded types;
    c. Allow to define explicit and implicit fields more easily for collection types;
　　d. Providing an API to use some useful ASN1 functions by consolidating existing utilities 7. Dump support for Asn1.
    a. provide an ASN1 dumping tool for troubleshooting
    b. Including built-in ASN1 types and user defined types.
8. Separate KrbClient, KrbTokenClient, and KrbPkinitClient APIs.

RE: Apache Kerby 1.0.0-RC2 Release Note

["Zheng, Kai" <ka...@intel.com>]

Hi Jiajia,

I'd like to suggest make the following changes to be more accurately. Thanks.

2. PKINIT in RSA case (75%). => remove

5. Full BER encoding support. => remove 'full'

b. Including built-in ASN1 types and user defined types. => remove

Regards,
Kai

-----Original Message-----
From: Li, Jiajia [mailto:jiajia.li@intel.com] 
Sent: Friday, March 11, 2016 9:29 AM
To: kerby@directory.apache.org
Subject: Apache Kerby 1.0.0-RC2 Release Note


105 JIRA issues were resolved and with the following Features and important changes since 1.0.0-RC1:

1. Anonymous PKINIT support(BETA): allows a client to obtain anonymous credentials without authenticating as any particular principal.
2. PKINIT in RSA case (75%).
3. Finished token support:
    a. Add ability to encrypt and sign using non-RSA keys;
    b. Get the verify key for signed JWT token from kdc config;
    c. Token issuer must be trusted as one of preconfigured issuers;
    d. Add support for decrypting JWT tokens in the KDC.
4. PKIX CMS/X509 support.
5. Full BER encoding support.
6. Improved the ASN1 framework:
    a. Separate Asn1 parser;
    b. Support decoding of primitive but constructed encoded types;
    c. Allow to define explicit and implicit fields more easily for collection types;
　　d. Providing an API to use some useful ASN1 functions by consolidating existing utilities 7. Dump support for Asn1.
    a. provide an ASN1 dumping tool for troubleshooting
    b. Including built-in ASN1 types and user defined types.
8. Separate KrbClient, KrbTokenClient, and KrbPkinitClient APIs.