
Smaash

AUTHORIZED


Welcome to Smaash.

Smaash is an authorization-as-a-service implementation built using Dropwizard. Integrating with Smaash gives enterprises centrally controlled and audited access to resources. It exists primarily to provide this API call:

GET /smaash/{resource}/{user}

e.g. curl https://server/smaash/logo.jpg/jbloggs
{"uri":"logo.jpg","principal":"jbloggs","hasAccess":true}

That is, it asks the question: is the user jbloggs permitted to access the resource logo.jpg?
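An added example (not code from the Smaash project) of a client that calls this endpoint and denies by default whenever the answer is missing, malformed or about a different resource or user. It assumes the response echoes the requested resource and user in uri and principal, as in the sample above; build_url, decide, has_access and the fetch parameter are names made up for the illustration.

```python
import json
from urllib.parse import quote
from urllib.request import urlopen


def build_url(base, resource, user):
    # Encode each value as a single path segment so "/", "?" or "#" inside a
    # resource or user name cannot change which {resource}/{user} is asked about.
    return "{}/smaash/{}/{}".format(
        base.rstrip("/"), quote(resource, safe=""), quote(user, safe=""))


def decide(body, resource, user):
    """Grant only on a well-formed answer about this exact resource and user."""
    try:
        doc = json.loads(body)
    except (TypeError, ValueError):
        return False  # empty, truncated or non-JSON body: deny
    if not isinstance(doc, dict):
        return False
    # Assumption: uri and principal echo the request, as in the page's sample.
    # `is True` rejects truthy stand-ins such as "true", 1 or "false".
    return (doc.get("uri") == resource
            and doc.get("principal") == user
            and doc.get("hasAccess") is True)


def has_access(base, resource, user, fetch=None, timeout=2.0):
    """Ask the service; any transport or parsing failure is treated as a denial."""
    url = build_url(base, resource, user)
    try:
        if fetch is None:
            with urlopen(url, timeout=timeout) as resp:  # 4xx/5xx raise HTTPError
                body = resp.read()
        else:
            body = fetch(url)  # hypothetical hook for tests or another HTTP client
    except Exception:
        return False  # timeout, TLS error, error status: fail closed
    return decide(body, resource, user)


if __name__ == "__main__":
    # Constructed responses, keyed by URL, standing in for a running server.
    canned = {
        "https://server/smaash/logo.jpg/jbloggs":
            b'{"uri":"logo.jpg","principal":"jbloggs","hasAccess":true}',
        "https://server/smaash/logo.jpg/mallory":
            b'{"uri":"logo.jpg","principal":"mallory","hasAccess":false}',
    }
    for user in ("jbloggs", "mallory", "nobody"):
        print(user, has_access("https://server", "logo.jpg", user, fetch=canned.__getitem__))
```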

Authentication and authorization

Authentication is the assertion of a user's identity, that is to say proving that a user really is jbloggs, normally by validating their password. Authorization then involves deciding what that authenticated user is permitted to access. Authentication is outside the scope of Smaash.

Who's this for and why would they use it?

Smaash is designed initially for large organisations that maintain more than one service in-house and for whom security and compliance are paramount. By filtering access requests through Smaash they can not only control who is able to view individual resources at a row level but also maintain a central audit trail. This audit trail could feed into intrusion detection, be used to ascertain the extent of leaks, and support a host of other critical security functions.

It's also intended to be used by application developers who want an open, free authorization layer which is simple to integrate with other services.

Support or Contact

Having trouble with Smaash? Check out the project pages at https://github.com/richmidwinter/smaash.