[asterisk-dev] AstriDevCon - PineMango

Tim Panton thp at westhawk.co.uk
Sat Oct 11 14:29:45 CDT 2008

On 11 Oct 2008, at 18:56, Johansson Olle E wrote:

> 10 okt 2008 kl. 11.45 skrev Tim Panton:
>> We should make sure we leave the possibility of a security layer, but
>> we should not specify it untill we have a much clearer picture of
>> how the
>> API is used, and hence what the appropriate security model should be.
> Tim,
> Have you seen a large framework that successfully implemented security
> at release 2 and got all the developers to accept it and implement it?

Well, as it happens, yes, both Java and Win32 had fine grain object  
security added
after the API was a success. Java 1.0 had a basic (and broken) sandbox  
which  was replaced in 1.2 (I think). Win 32 (in Windows 3 and 95) had  
_no_ security
what so ever, but from Windows NT onwards there was security enforced  
by the

In these cases they had to throw out most of the implementation of the  
core API
when they added the security layer but the API itself remained and was  

I'm assuming a definition of success you may not agree with ;-)


More information about the asterisk-dev mailing list