[asterisk-dev] AstriDevCon - PineMango
Johansson Olle E
oej at edvina.net
Sat Oct 11 11:59:23 CDT 2008
9 okt 2008 kl. 18.28 skrev Russell Bryant:
> Brian Degenhardt wrote:
>> This whole auth thing is a good idea. It's definitely worth
>> keeping in
>> mind. However, to demand that it MUST be implemented in our first
>> stab
>> at giving Asterisk a usable programming API risks bloating the
>> scope of
>> the project to the point that it would never get done.
>
> From someone more than likely to be heavily involved in figuring out
> how we would acquire the time and resources to make this happen ...
> +2 :)
If you create the architecture without this in mind from start, there
will no resources
available on earth to fix it afterwards. I think it's just plain naive
to create
an API on this level today without doing proper work on authorization.
To solve it outside of Asterisk is also something that might be done,
but then you disable it in Asterisk after you know that you can trust
another model. But it should really be architectured within the core.
A new framework should not be built with a notion of "security -
that's somebody else's problem!". For me, that's just bad.
/O
More information about the asterisk-dev
mailing list