• Not yet started
• Work in progress
• Completed

Release 1.6 (Late April 2010)

• Remove CC noncomercial icons (257)
• Introduce setAuthnRequest to new IdP core. (279)
• Include japanese translation (281)
• Accept multiple SAML and Shib endpoint at SP (20)
• Better understanding of SAML 2.0 LogoutResponse (169)
• Introduce ""dictionary format"", backward compatibility (263)
• SessionIndex should be unique per SP (44)
• Better support for WAYF-less URLs (262)
• Session association timeout (180)
• Improve error handling and error UI for iframe SLO (186)
• Single SPSSODescriptor in metadata for saml module (199)
• Generic Identity Provider Core Module (203)
• Metadata aggregator when endpoint is missing (224)
• AuthnInstant from Session (225)
• Export requested attributes in xml metadata (228)
• Self-register module (231)
• clean up flat file metadata output (233)
• OpenID 2.0 Support (235)
• Remove metadata validator code and config valiator code (236)
• Remove ldapstatus module (237)
• Upgrade translation portal and switch to JSON template format (239)
• SPENTITYID in privacy policy URL. (241)
• Fix or remove configuration check (243)
• openid classes depended on ini_set (259)
• Update documentation for authproc (287)
• SAML2 metadata classes (290)

Release 1.7 (Late summer / autumn 2010)

• Improve Attribute Translation (185)
• Merge in new version of xmlseclibs (277)
• Logic for Encrypting assertion when receiving endpoint is not secured (283)
• Merge MetaDataStorageHandlerXML.php and MetaDataStorageHandlerDynamicXML.php (113)
• Add an option at the SP to use the FriendlyName instead of the attribute name. (157)
• Reverse proxy support (189)
• Combine shib13-idp-remote and saml20-idp-remote. (197)
• UI for information about modules and enabling and disabling modules (210)
• Don't require consent for some attributes (220)
• Fully declarative SessionHandlers (226)
• Add AttributeSource API (238)
• Memcache should support locking of the session (240)
• Proper handling of disabled cookies (242)
• Generated transient NameID sent back as persistent. (247)
• HTTP proxy support for network metadata downloading (250)
• Parse embedded EntitiesDescriptors (253)
• New statistics format (254)
• SP API must support completion handlers for login (255)
• Make discopower the default SAML 2.0 identity provider discovery service (266)
• Consider including offered processing filters from Alex Mihicinac (291)
• Add support Common Domain Cookie in SAML SP module (297)
• Document IdP-initiated logout (328)
• Introduce a new cookie/session after authentication (329)

Release 2.0 (Late 2010)

• Remove www/auth and deprecated authentication module API (273)
• Remove support for deprecated dictionary format (274)
• Remove depdecated SAML SP code, in www/saml2/sp and www/shib13/sp (275)
• Remove experimental modules (276)