[asterisk-dev] AstriDevCon - PineMango

Nir Simionovich nir.simionovich at gmail.com
Thu Oct 9 04:49:17 CDT 2008


hm...

While I do agree with oej that security is a must, when allowing such
core level interconnect, i would also agree with Brian that the toll
required may be one that we are unable to undertake at this point in
time.

Applying the Theory of Constraints here appears to be required. The
main quastion that needs to be asked is, what is our constraint here?
If the constraint is complexity, then the answer is a carefull
rollout, if the constraint is security then  the answr is levels of
API abstraction. In both cases, this is immediately translated into
additional work and planning.

Maybe the authorization/authentication layer isn't the correct methodology?

Thoughts anyone....

Nir S  via nokia E90

Nothing beats sitting on the poll and writting emails :-)

On 10/9/08, Johansson Olle E <oej at edvina.net> wrote:
>
> 8 okt 2008 kl. 23.20 skrev Nir Simionovich:
>
>> That diagram is not 100% correct.  For example, we nixed the
>> authentication layer since it is such a large undertaking for the
>> limited gain it would provide
>
> That's a very interesting statement in regards to security...
>
> The authorization layer is very much needed if we're going to open up
> the core this way.
>
> Authentication is a different thing, but needs to be taken care of too.
>
> /O
>
> _______________________________________________
> --Bandwidth and Colocation Provided by http://www.api-digital.com--
>
> asterisk-dev mailing list
> To UNSUBSCRIBE or update options visit:
>    http://lists.digium.com/mailman/listinfo/asterisk-dev
>



More information about the asterisk-dev mailing list