[asterisk-dev] AstriDevCon - PineMango
tzafrir.cohen at xorcom.com
Sat Oct 11 12:54:15 CDT 2008
On Sat, Oct 11, 2008 at 06:59:23PM +0200, Johansson Olle E wrote:
> 9 okt 2008 kl. 18.28 skrev Russell Bryant:
> > Brian Degenhardt wrote:
> >> This whole auth thing is a good idea. It's definitely worth
> >> keeping in
> >> mind. However, to demand that it MUST be implemented in our first
> >> stab
> >> at giving Asterisk a usable programming API risks bloating the
> >> scope of
> >> the project to the point that it would never get done.
> > From someone more than likely to be heavily involved in figuring out
> > how we would acquire the time and resources to make this happen ...
> > +2 :)
> If you create the architecture without this in mind from start, there
> will no resources
> available on earth to fix it afterwards. I think it's just plain naive
> to create
> an API on this level today without doing proper work on authorization.
> To solve it outside of Asterisk is also something that might be done,
> but then you disable it in Asterisk after you know that you can trust
> another model. But it should really be architectured within the core.
> A new framework should not be built with a notion of "security -
> that's somebody else's problem!". For me, that's just bad.
Let's look into a little example. One of the operations a control
interface would allow is to originate the generation of another channel.
How exactly would you allow a useful but limited channel origination
action? What exactly is "limited"?
Suppose I want I user to be able to originate calls from his phone. I do
want to allow Joe to originate calls from SIP/Joe (or is it ZAP/12 ?).
I don't want Jow to be able to originate calls from SIP/trunk/123456 .
I want to be able to let some remote users connect through those
interfaces. And we can't really trust remote users to play nice.
How do you link such a remote user to some limitation on channels?
icq#16849755 jabber:tzafrir.cohen at xorcom.com
+972-50-7952406 mailto:tzafrir.cohen at xorcom.com
http://www.xorcom.com iax:guest at local.xorcom.com/tzafrir
More information about the asterisk-dev