0.4 is in the making. The JDBC code has been reworked a little it and needs a little extra work. Next in the pipeline is an Hibernate realm implementation.
Internal release 0.3 is out. There's no binary distribution, but it's been tagged in SVN. New features in this release include the ability to write authorization rules in groovy (support for other scripting languages is possible in the future). This gives the maximum flexibility for defining custom rules.
AuthX 0.2 was released internally. This is the first usable version of the framework. It features memory realm, jdbc realm, groups and roles support and a rule based authorization framework. An XML front-end is provided to configure groups, roles and authorization rules.
An example application is provided to demonstrate usage of the framework.
AuthX is the new official name for Janus. Package names and web site docs have been updated accordingly. We're nearing a release ...
A lot has happened under the hood since this summer and we're nearing a first release. The goal of this first release is to demonstrate usage of the framework.
The authentication subsystem has matured and a new rule based authorization mechanism replaces the old role based only one. Memory implementations are provided with XML frontends for realms, information providers and policies. A proof of concept of a JDBC backend is also available for security realms.
See the roadmapfor details of what to expect next.
We're currently focusing on bringing the documentation up-to-date. This includes reworking the web site, updating Jira and producing draft documentation on the Wiki.
Work has begun in the the sandbox to rewrite the authorization stuff. Directions can be found on the Wiki.
The authentication apis have been frozen. They look stable enough for now. A username-password implementation along with support for groups and roles.
Users, roles and groups can be configured using XML files and a JDBC backend is also available for usernames/passwords definitions.
The whole authorization mechanism has been rewritten to use a rule-based approach. We believe this will give us great flexibility to implement a broad range of security policy requirements. Since 0.3 release, we don't expect this to change much as well.
XML and Groovy are the 2 ways to configure the rule based engine. The configurable XML definition is the closest to a domain specific language, and the groovy approach is the most dynamic and flexible.