Introduction

From Kasai documentation

[edit] What is Kasai?

Kasai - "Square a key with a lock" in Quechua (The ancient language that the Inca people spoke)

Kasai is a 100% Java based authentication and authorization framework. It allows you to integrate into your application a granular, complete and manageable permission scheme. The goal of the framework is to provide a simple-to-use-yet-powerful security environment for multi-user applications. Unlike JAAS, Kasai provides a much higher security abstraction, it's targeted at the specific security requirements that arise in real-life applications such as Intranets, ERPs, CRMs, document managers, accounting systems, etc.

From the authorization point of view, Kasai lets you:

  • Manage your users, groups and entities (over which you can later on define authorizations)
  • Define a fine-grained permission hierarchy and group them into roles (ie: administrators, power-users, users, etc.)
  • Associate a user or group with an entity, by assigning the pair a role (thus giving the user/group a set of privileges over that entity)

From the authentication point of view, Kasai lets you:

  • Authenticate your users with existing credential repositories
  • Use the provided authentication mechanisms (NT, Unix via PAM, DBMS) or develop your own through a very simple plugin architecture

Additionally, Kasai includes a very powerful and performing auditing system that records all users activity on a relational database. This components can be re-used to build complete and solid auditing capabilities into your applications.

Kasai is provided as a Java library (JAR file) and can be used through a simple API. Additionally, a full blown Ajax powered web application is bundled that provides user, groups and roles management, as well as query access to the audit records. Kasai is licensed under the LGPL so you can use it both in commercial and open-source projects.

[edit] What is in this release?

This release of Kasai (v2.0) includes the following features:

  • JAR distribution of the platform
  • Integrated authentication via NT, PAM, AS/400, custom DBMS. Custom plug-in development support.
  • Authorizations by group or user.
  • Permission management using users, groups, roles and operatives.
  • Auditing of all transactions to the DBMS.
  • Built-in audit query functions.
  • Auditing engine that lets you audit all your application events, recording user performing the transaction, ip address, timestamp, transaction id, transaction data, and more.
  • Complete SOAP API to use Kasai via web services.
  • Ajax powered web administrative application, including user, group and role management, as well as audit query access

[edit] What is still left to do?

Check out our to-do list at CVS , and please consider helping out if you're interested.

Retrieved from "http://kasai.manentiasoftware.com/docs/index.php/Introduction"
Personal tools
Navigation