2011 March - Board report for Apache Shiro

Apache Shiro is a powerful and flexible open-source application security
framework that cleanly handles authentication, authorization, enterprise
session management and cryptography.

We have no issues that require Board assistance at this time.

Releases:
- No releases since our first 1 Nov 2010 1.1.0 release

Community & Project:
 - No new committers or PMC members

 - The project team is discussing the possibility of releasing a
   1.1.1 bug fix point release or moving directly to a 1.2 release.

 - Documentation efforts have increased significantly the last two
   months, with new Authentication and Authorization guides being written
   with many cleanup edits of the existing framework documentation.
   February (last month) represented the highest traffic volume to date
   for the Apache Shiro website (just shy of 10k site visits), indicating
   these edits are paying off.

 - Some new integration efforts by both committers and end-users for
   integrating with third party authentication systems seems to have picked up
   lately, with discussions about supporting OpenId, OAuth, and maybe
   Oracle SSO

 - In the last three months, the community has indicated areas for
   significant improvement in the codebase which will probably make their
   way into a 2.0 release.  There is currently no timeline for 2.0, but
   ideas are being tracked at
   https://cwiki.apache.org/confluence/display/SHIRO/Version+2+Brainstorming.

   Most notable of the improvements are the continued migration to favoring
   architecture that emphasizes OO composition over inheritance, affording
   our end-users an even more pluggable approach to application security.