Our usual approach to adding new features is to do so to coincide with major and minor releases. Update versions to a release will always be drop-in replacements of previous versions of the release, and generally only contain bug fixes.
We sometimes add new features where these are non-disruptive (e.g., add-ons at the periphery, rather than changes to our core server products), particularly early in the life of a release when we do not want to make customers wait for the next release to get a new feature.
We are adding nine new features to R14.4 in the R14.4v1 update version
- Improved GUI Management in Sodium for Security Label and Security Clearances (more)
- Security Label/Clearance/Policy tools (more)
- Support for XEP-0237 (Roster Versioning) in M-Link (more)
- Improved Sodium Sync operation for Sync to Active Directory (more)
- Support of HSQLDB as Audit Database option (more)
- Audit Database management service (more)
- STANAG 5066 Console Updates (more)
- X.400 Gateway API Extensions (more)
- Enhancements to the Java X.400 Client API (more)
The 14.4v0 GUI capabilities for handling security labels and security clearances meant that in practice you are restricted to either very simple labels/clearances or you load pre-prepared labels/clearances from files (XML or ASN.1).
We have added a Catalog mechanism, that enables simple GUI selection from a standard list. For a simple security policy, the Catalog would simply be a list of all possible labels or clearances. For a complex security policy, it would be a selection of labels or clearances appropriate for the deployment.
This Catalog mechanism has been added to Sodium. We will add it to other places in future releases (in particular to IMA for User Clearances, and XUXA for Labels). Sodium now has Catalog support define in templates for the following applications:
M-Link/M-Vault/Third Party Applications
- User Clearance (Security Clearance in a directory entry)
- Security Label as operational attribute in any entry
- DSA Clearance (to control data in the server)
- DSA Label (to control connected users)
- Server (Domain) Clearance (to control messages switched)
- Server (Domain) Label (to control connected users)
- MUC Group Clearance (to control messages switched)
- MUC Group Label (to control group members)
Isode will provide sample Catalogs, along with the sample Security Policies included with R14.4. This will enable easy setup of Security Label capabilities in our products.
We're including a number of command line tools in the release. We've been using these internally, and it has become clear that they will be useful to customers setting up systems using Security Labels. Tools include:
Label, Clearance and SPIF tools:
- format conversion (between supported ASN.1 and XML formats)
- descriptive dump
- Evaluates the ACDF (Access Control Decision Function) to check a label against a clearance under a specific policy
Security Label & Security Clearance builders
- Tools to help correctly build complex Security Labels and Clearances according to a Security Policy
- Creates a complete (Label or Clearance) Catalog from a SPIF (Security Policy Information File)
XEP-0237 "Roster Versioning" has been added to M-Link. This specification, which is expected to become part of the core XMPP protocol at some stage, optimizes client connection by only providing an updated roster if there has been a change since the last connection. This is an important optimization for clients working over slow links.
XEP-0237 uses the same techniques to optimize network use as IMAP CONDSTORE RFC 4551 "IMAP Extension for Conditional STORE Operation or Quick Flag Changes Resynchronization" which is implemented by M-Box. Isode has been a major contributor to and editor of both of these specifications.
We've made some changes to Sodium Sync to improve sync to Active Directory, and in particular added support for mapping X.400 OR Addresses into the forms required by AD/Exchange.
We've added HSQLDB support as an alternative Audit Database option to Postgres. HSQLDB is a simple Java JDBC database.
One reason for doing this is to clearly demonstrate and test the database independence of our tools.
The second reason is to provide an easy demo setup. We are bundling HSQLDB with the Isode product set, which makes it easy to set up an Audit Database for demonstration and evaluation purposes. Our experience suggests that HSQLDB scaling limit as an Audit Database is around 40,000 records, which
means that it is unlikely to be suitable for production use.
We've added a way to manage removal of old records from the Audit Database. This is done by the AuditDB Management Daemon (which also takes on the functionality of the existing AuditDB Quarantine Management Daemon).
We made some improvements to STANAG 5066 Console in order to do STANAG 5066 benchmarking, and have included these changes. The benchmarking is described in the Isode Whitepaper "STANAG 5066 Performance Measurements over HF Radio".
We've extended our X.400 Gateway API to better expose the message content. This will be of interest to those handling content types other than IPM or P772, and in particular those needing to access the CMS layers of STANAG 4406 ed 2.
The R14.4v0 Java Client API is implemented as a thin layer over the 'C' API, and provides a similar API. This is convenient for those using both APIs, but means that the Java API is quite low level and of a style that would be expected by a 'C' programmer, but does not take advantage of Java language features. We have added a higher level interface, which will be natural for Java developers, and should reduce development times for those building X.400 applications over our Java X.400 Client API.