[asterisk-dev] AstriDevCon - PineMango
Johansson Olle E
oej at edvina.net
Sat Oct 11 16:59:12 CDT 2008
11 okt 2008 kl. 23.47 skrev Tim Panton:
> I'm arguing that the permission checking should be done in the
> _frameworks_
> in a way that makes sense to that framework's problem space, rather
> than being pushed down into the core API.
>
> (There is a problem - what happens if you set up an Adhersion system,
> with a specific security model then someone writes a JTAPI app that
> breaks
> all those rules.?)
Exactly.
And how do the SIP channel know who's allowed to do what?
It all comes down to the core anyway. The SIP channel will hopefully
move towards a more domain based segmentation. I need a way
to find out who's allowed to touch which sip channels, subscriptions,
transfers etc.
How can we enforce segmentation throughout the core, so that we can
allow everything from javascript voicemail check clients to adhersion
frameworks to access
the core without colliding and only accessing what they're allowed to
access? Even if you guys write a wonderful framework that you think
solves all issues, someone will add another plugin on top of the
same pbx.
You can argue that the core need to ask each layer, but I think that's
the
wrong architecture.
Anyway, thanks for starting a more serious discussion than
"this is just too complicated and I'm not interested so let's forget
it".
/O
More information about the asterisk-dev
mailing list