[asterisk-dev] Introduction to ASA - the Asterisk Security Architecture

Johansson Olle E oej at edvina.net
Tue Oct 14 06:34:26 CDT 2008


14 okt 2008 kl. 12.07 skrev Grey Man:

> On Mon, Oct 13, 2008 at 3:45 PM, Johansson Olle E <oej at edvina.net>  
> wrote:
>>
>> I don't think you've read the document. This goes way beyond what
>> you can control in the dialplan. One of the things you can't control
>> there is SIP transfers and subscripts, just as an example. Or manager
>> actions.
>>
>> /O
>>
>
> I read it.
>
> I didn't find the requirements compelling enough to embark on massive
> re-architecture operation. You are very correct that there are some
> things that currently can't be controlled with Asterisk and SIP
> transfers is the classic one, a great addition to Asterisk would be
> able to control which contexts are permitted to accept SIP transfers.
> However I think that's muddying the water a bit there is a form of
> authorisation in Asterisk already and rather then launch of into a new
> bells and whistles design (which software engineers, including myself,
> are wont to do) the requirements really should be solidified and get
> some feedback from the non-developer Asterisk community about how
> compelling they are.
Now, that feedback is difference than the previous one. Contexts doesn't
control everything. But you are right, we need to work on the  
requirements
and then evaluate them before we take any decision in any direction.
>
>
> You asked for feedback and that's mine. If you didn't want dissenting
> views you should have said ;-).

I apologize for my earlier comment, but your reply indicated that
you did not read/understand the problem description, which might
be because I did not write it with enough clarity. I do want all kinds
of feedback.

I'm still listening to the opinions of the others, then I'll try to  
update
the document (and find another name).

/O



More information about the asterisk-dev mailing list