[asterisk-dev] AstriDevCon - PineMango

Tzafrir Cohen tzafrir.cohen at xorcom.com
Sat Oct 11 12:54:15 CDT 2008


On Sat, Oct 11, 2008 at 06:59:23PM +0200, Johansson Olle E wrote:
> 
> On 9 Oct 2008, at 18:28, Russell Bryant wrote:
> 
> > Brian Degenhardt wrote:
> >> This whole auth thing is a good idea.  It's definitely worth keeping in
> >> mind.  However, to demand that it MUST be implemented in our first stab
> >> at giving Asterisk a usable programming API risks bloating the scope of
> >> the project to the point that it would never get done.
> >
> > From someone more than likely to be heavily involved in figuring out
> > how we would acquire the time and resources to make this happen ... +2  :)
> 
> If you create the architecture without this in mind from the start, there
> will be no resources available on earth to fix it afterwards. I think it's
> just plain naive to create an API on this level today without doing proper
> work on authorization.
> 
> To solve it outside of Asterisk is also something that might be done,
> but then you disable it in Asterisk after you know that you can trust
> another model. But it should really be architectured within the core.
> 
> A new framework should not be built with a notion of "security -
> that's somebody else's problem!". For me, that's just bad.

Let's look into a little example. One of the operations a control
interface would allow is to originate the generation of another channel. 

How exactly would you allow a useful but limited channel origination
action? What exactly is "limited"?

Suppose I want a user to be able to originate calls from his phone. I do
want to allow Joe to originate calls from SIP/Joe (or is it ZAP/12 ?).
I don't want Joe to be able to originate calls from SIP/trunk/123456 .


I want to be able to let some remote users connect through those
interfaces. And we can't really trust remote users to play nice.

How do you link such a remote user to some limitation on channels?

-- 
               Tzafrir Cohen
icq#16849755              jabber:tzafrir.cohen at xorcom.com
+972-50-7952406           mailto:tzafrir.cohen at xorcom.com
http://www.xorcom.com  iax:guest at local.xorcom.com/tzafrir
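
One possible shape for the check the message asks about, as an added example that is not part of the original thread or Asterisk's code: a default-deny table binding an authenticated API user to the channels it may originate from. The rule table, the `trunkops` user and `originate_allowed()` are hypothetical; the channel names are the ones used in the message.

```c
#include <stdio.h>
#include <string.h>

/* Constructed policy: one row per (authenticated user, permitted channel). */
struct originate_rule {
    const char *user;
    const char *channel; /* exact name, or a prefix rule ending in "/*" */
};

static const struct originate_rule rules[] = {
    { "Joe",      "SIP/Joe" },
    { "Joe",      "ZAP/12" },
    { "trunkops", "SIP/trunk/*" }, /* hypothetical operator account */
};

static int channel_matches(const char *pattern, const char *channel)
{
    size_t plen = strlen(pattern);

    if (plen >= 2 && strcmp(pattern + plen - 2, "/*") == 0) {
        /* Compare up to and including the '/', so "SIP/trunk/*" cannot
         * match "SIP/trunk2", and require a non-empty resource after it. */
        return strncmp(pattern, channel, plen - 1) == 0
            && channel[plen - 1] != '\0';
    }
    /* Exact match only: "SIP/Joe" must not also permit "SIP/Joe2". */
    return strcmp(pattern, channel) == 0;
}

/* Returns 1 only if a rule explicitly permits it; everything else is denied. */
int originate_allowed(const char *user, const char *channel)
{
    size_t i;

    if (user == NULL || channel == NULL)
        return 0;
    for (i = 0; i < sizeof(rules) / sizeof(rules[0]); i++) {
        if (strcmp(rules[i].user, user) == 0
            && channel_matches(rules[i].channel, channel))
            return 1;
    }
    return 0;
}

int main(void)
{
    printf("Joe -> SIP/Joe: %d\n", originate_allowed("Joe", "SIP/Joe"));
    printf("Joe -> SIP/trunk/123456: %d\n",
           originate_allowed("Joe", "SIP/trunk/123456"));
    return 0;
}
```

The check only means something if `user` comes from the interface's own authentication of the connection, not from a field the remote client supplies in the request.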


