[asterisk-dev] AstriDevCon - PineMango

Michiel van Baak michiel at vanbaak.info
Sat Oct 11 12:19:16 CDT 2008


On Oct 11, 2008, at 6:59 PM, Johansson Olle E wrote:

>
> On 9 Oct 2008 at 18:28, Russell Bryant wrote:
>
>> Brian Degenhardt wrote:
>>> This whole auth thing is a good idea.  It's definitely worth keeping in
>>> mind.  However, to demand that it MUST be implemented in our first stab
>>> at giving Asterisk a usable programming API risks bloating the scope of
>>> the project to the point that it would never get done.
>>
>> From someone more than likely to be heavily involved in figuring out
>> how we would acquire the time and resources to make this happen ...
>> +2  :)
>
> If you create the architecture without this in mind from start, there
> will be no resources available on earth to fix it afterwards. I think it's
> just plain naive to create an API on this level today without doing
> proper work on authorization.
>
> To solve it outside of Asterisk is also something that might be done,
> but then you disable it in Asterisk after you know that you can trust
> another model. But it should really be architectured within the core.
>
> A new framework should not be built with a notion of "security -
> that's somebody else's problem!". For me, that's just bad.

Like many of you know I (we, if you count the company that actually  
provides my income) develop a couple of applications on top of Asterisk.
Regarding this issue, I think exposing information about 'contexts',  
'accountcode' etc will be the absolute minimum in this new framework.  
That way it won't be that hard to implement the security in the layer  
on top of it.
Maybe it's not the scope of Asterisk to do the authentication on that  
level. I for one would not use it.

If you look at what is there today, we just don't have enough info to  
make decisions on who is who and who has access to what. You can  
'hack' your way around this with reading config-files and all kinds of  
other ways but providing this kind of info in the core API is a must.  
Doing the actual authentication in a layer above that is fine with me.

I'm just writing down what's going on in my mind right now. Feel free  
to ignore it if it misses the project goals ;)

/m


