[asterisk-dev] Introduction to ASA - the Asterisk Security Architecture

Tim Panton thp at westhawk.co.uk
Mon Oct 13 10:36:46 CDT 2008

On 13 Oct 2008, at 15:53, Johansson Olle E wrote:

> 13 okt 2008 kl. 16.27 skrev Tzafrir Cohen:
>> On Mon, Oct 13, 2008 at 02:12:39PM +0200, Johansson Olle E wrote:
>>> Friends,
>>> I've collected some notes and ideas and produced yet another PDF for
>>> you to look at, read and then discuss.
>>> http://edvina.net/asterisk/asa-intro.pdf
>> So a channel has to have a single user and domain. And perhaps
>> multiple
>> groups.
>> The domain name is an arbitrary string. But meaningful for some
>> channel
>> drivers. VoIP channels may try to resolve it. Can you give an
>> example of
>> a place where knowing the domain helps?
> SIP.
> You want different contexts, codecs, service sets (transfer,
> subscriptions)
> for each domain.
>> What do we gain from the privileges model of multiple groups? Do you
>> actually mean that every group membership should translate to some
>> specific permission?
> Good question.
> In Astum, it was just a way to inherit properties, much like  
> templates.
> This needs some thinking...
> Keep the comments coming!
> /O

I had a thought over the weekend - perhaps we need to step away from the
user/group/domain/ vs object -> yes/no model

In most cases there is a direct cost to an action, and the user has a  
Is there any merit in trying to model things that way?

So an anonymous incomming call might get a budget of Zero and therefore
only do things that cost Zero (or less).

Internal users get a Budget of (say $5) so can call anywhere (except
premium numbers).

Is that too mad ?


More information about the asterisk-dev mailing list