2010 December - Board report for Apache Shiro

Shiro is a powerful and flexible open-source application security framework
that cleanly handles authentication, authorization, enterprise session
management and cryptography.

We have no issues that require Board assistance at this time.

Releases:
- No releases since our first 1 Nov 1.1.0 release as a TLP

Community & Project:
 - No new committers or PMC members

 - Continued user participation on the mailing lists.  This last month
   probably represents the highest user activity with regards to
   opening Jira issues and providing patches, a healthy sign that our
   project continues to grow as a new TLP.

 - The development team is discussing as to when our next release might
   be, whether it will be before or after the holidays.  It is not
   currently decided if it will be a 1.1.1 point release or a
   1.2 minor release.

 - There has been a lot of discussion in the last month by both users and
   developers as to the best way to support Shiro integration with
   3rd-party (ASF compatible) frameworks and libraries - either include
   the code as 'support modules' within Shiro's codebase, or to have the code
   reside somewhere else, like a 'shiro-extras' project, similar in concept
   to Apache Wicket's 'Wicket Stuff' project.

   The difficulty in deciding is based on 1) the likelyhood of the dev
   team supporting an increasing number of integration modules directly at
   the level of quality we wish to maintain and 2) whether or not a
   security framework like Shiro should support frameworks (like
   Wicket and Struts2) that sit 'higher' in the application stack.
   Ideally we'd like the respective web communities to support Shiro since
   we believe it is in their scope to do so, rather than Shiro (a
   security framework) writing integration for multiple
   web frameworks.  This is an ongoing discussion and we've yet to come
   to a decision.