What is it?
Hurima™ (or “Hubrix Rights Manager”) is a complete API for application access control. It provides:
- A database to store permissions, roles, groups and business rules
- A REST API to bind to an Administration UI
- A REST API to verify, grant, revoke and audit permissions
- Other stuff that we think is pretty great.
Why do I want it?
You may already be using an access-control system. Maybe you have, or integrated with, an existing Role-Based Access Control (RBAC) or Attribute-Based Access Control (ABAC) system. Maybe you developed your own.
You should only consider Hurima if you’re in one of these 4 situations :
- You have no access-control feature in your application (you’re just getting started, or you have not yet added access control)
- Existing RBAC and ABAC solutions are either too complex, or not powerful enough, for your application
- You need your access-control solution to span across multiple applications
- The access-control system / feature-set you have in place isn’t extensible enough for your needs.
How do I use it?
Hurima will be available 3 ways:
- As an open-source project on GitHub and BitBucket. You can download, install, integrate and never tell us (or pay us) anything.
- As a commercially-supported product, with installation packages, yum + apt repository access, AWS / Docker / Rkt images, automatic upgrades and ongoing technical support.
- As a cloud-hosted “virtual private API” that automatically scales with usage, while keeping your instance private, secure and encrypted.
How & When can I get it?
Hurima is currently in development. We expect to have an initial Beta release ready in September 2017. We’re in a hurry, but we don’t have a deadline. We want to ensure that Hurima is solid and reliable, even for the β release.
A feature-set, not a code library
A complete access-control feature-set in a RESTful API
You seem to need a verb?
Neither RBAC nor ABAC but FBAC: Function-Based Access Control. The Verb or Action is center stage, the way the Role is in RBAC.
Built-in Verbs, or add your own
- Built-in Verbs: CRUDM (Create Read Update Delete Merge) + Grant + Revoke
- API Endpoints to add your own Verbs (examples: “Replace,” “Sign,” “Shut off” etc.)
Have it your way
A high-performance access-control engine you can run locally, on a remote server, or in the Cloud
Control Yes. Latency No.
Encrypted, auto-refresh, auto-expiring app-side cache so permission-tests stay immune to Internet latency while still allowing real-time policy updates
For DevOps of All Faiths
Agnostic architecture: works with most popular datastores (file, SQL, noSQL), platforms and languages