[asterisk-dev] AstriDevCon - PineMango
Tim Panton
thp at westhawk.co.uk
Sat Oct 11 14:29:45 CDT 2008
On 11 Oct 2008, at 18:56, Johansson Olle E wrote:
>
> 10 okt 2008 kl. 11.45 skrev Tim Panton:
>
>> We should make sure we leave the possibility of a security layer, but
>> we should not specify it untill we have a much clearer picture of
>> how the
>> API is used, and hence what the appropriate security model should be.
>
> Tim,
> Have you seen a large framework that successfully implemented security
> at release 2 and got all the developers to accept it and implement it?
Well, as it happens, yes, both Java and Win32 had fine grain object
security added
after the API was a success. Java 1.0 had a basic (and broken) sandbox
model
which was replaced in 1.2 (I think). Win 32 (in Windows 3 and 95) had
_no_ security
what so ever, but from Windows NT onwards there was security enforced
by the
kernel.
In these cases they had to throw out most of the implementation of the
core API
when they added the security layer but the API itself remained and was
extended.
I'm assuming a definition of success you may not agree with ;-)
Tim.
More information about the asterisk-dev
mailing list