[project @ Update NEWS file]

1 files changed, 52 insertions, 88 deletions

diff --git a/NEWS b/NEWS
index 83537bc..522bd96 100644
--- a/NEWS
+++ b/NEWS
@@ -1,88 +1,52 @@
-What's New in PHP OpenID 1.1.0
-==============================
-
-Version 1.1 of the PHP OpenID library implements recent changes to the
-OpenID specification as well as making API changes that should make
-integration with applications easier.  The consumer and server
-examples have been updated to use the new APIs.  As usual, if you have
-any questions or would like to provide any kind of feedback at all,
-please subscribe to our development discussion list (see README) and
-let us know!
-
-Yadis Support
--------------
-
-One of the major changes to OpenID since the last release has been the
-approval of Yadis discovery as the preferred way to specify the OpenID
-metadata for an identity URL instead of using <link> tags in
-HTML. This library does Yadis discovery, and if that fails, it falls
-back to old-style discovery.
-
-Some advantages of Yadis support are:
-
- * Support for fallback if your primary OpenID provider is not
-   available
-
- * Support for load-balancing between OpenID servers
-
- * Easy interoperability for different identity services
-
-For more information about Yadis, see http://yadis.org/ or
-http://www.openidenabled.com/yadis/.
-
-Extension Support
------------------
-
-OpenID also has formalized support for extensions. Extensions are a
-mechanism for transferring information from the consumer to the server
-and from the server to the consumer in the process of performing
-OpenID authentication. Extensions are implemented as additional
-namespaced query arguments that go along with standard OpenID requests
-and responses. This library provides a simple API for adding extension
-arguments to requests and extracting extension responses from replies.
-
-Consumer API
-------------
-
-The consumer API has been changed for more natural use as well as to
-support extension arguments.
-
- * Auth_OpenID_Consumer($store, [$fetcher], [$immediate]) is now
-   Auth_OpenID_Consumer($store, [$session]).  The session object is an
-   instance of Services_Yadis_PHPSession or a subclass thereof.  The
-   default implementation wraps PHP's session machinery.
-
- * Auth_OpenID_Consumer::beginAuth($user_url) is now
-   Auth_OpenID_Consumer::begin($user_url) and either returns an
-   Auth_OpenID_AuthRequest object or returns null. There is no more
-   tuple unpacking or status codes.
-
- * Auth_OpenID_Consumer::constructRedirect($auth_req, $return_to,
-   $trust_root) is now
-   Auth_OpenID_AuthRequest::redirectURL($trust_root, $return_to,
-   [$immediate]).
-
- * Auth_OpenID_Consumer::completeAuth($token, $query) is now
-   Auth_OpenID_Consumer::complete($query). It no longer returns a
-   tuple. Instead it returns an object that has a status code and
-   additional information about the response. See the API
-   documentation and examples for more information.
-
-Server API
-----------
-
-The server API has been changed for greater extensibility.  Instead of
-taking an "is_authorized" callback, processing happens in several
-stages, allowing you to insert extension data into the response before
-it is signed and returned.  See the documentation for the Server.php
-file.  Particularly, see the server example code in the examples/
-directory.
-
-Upgrading
----------
-
-The server changed the way it indexes associations in the store, so if
-you're upgrading a server installation, we recommend you clear the old
-records from your store when you do so.  As a consequence, consumers
-will re-establish associations with your server a little sooner than
-they would have otherwise.
+What's New in PHP OpenID 2.0
+============================
+
+The big news here is compatibility with version 2.0 of the OpenID
+protocol.  Highlights include:
+
+ * Simple Registration support in a new module Auth/OpenID/SReg.php.
+   (Those previously using
+   Auth_OpenID_SuccessResponse::extensionResponse() are advised to
+   look here and at the example consumer and server for detailed usage
+   information.)
+ * OpenID provider-driven identifier selection.
+ * "Negotiators" allow you to define which association types to use.
+ * Improved examples/detect.php script (bugs fixed)
+ * Improved layout of example consumer (see examples/consumer)
+ * An improved HTML parser implementation
+ * Library is now immune to being included inside functions and
+   methods
+
+
+Upgrading from earlier versions of this library
+-----------------------------------------------
+
+One of the additions to the OpenID protocol was a specified nonce
+format for one-way nonces.  As a result, the nonce table in the
+SQL-driven stores has changed.  You'll need to run
+contrib/upgrade-store-1.1-to-2.0 to upgrade your store, or you'll
+encounter errors about the wrong number of columns in the oid_nonces
+table.
+
+Consumers should now pass an additional parameter to
+Auth_OpenID_Consumer::complete() to defend against return_to URL
+tampering.
+
+
+Summary of API Changes
+----------------------
+
+ - Auth_OpenID::fixArgs is now no longer necessary, and
+Auth_OpenID_Consumer::complete and Auth_OpenID_Server::decodeRequest
+no longer take query argument arrays.
+
+ - Auth_OpenID_SuccessResponse::extensionResponse() is no longer the
+preferred way to extract extension response parameters from the OpenID
+response.  Instead, see the Auth/OpenID/SReg.php module and the
+example consumer and server for detailed usage information on
+constructing Simple Registration requests and inspecting responses.
+
+ - The Auth_OpenID_Server's response answer() method now takes
+addition parameters to support provider-driven identifier selection.
+See the example server and the documentation for
+Auth_OpenID_CheckIDRequest::answer.