[asterisk-dev] Pinemango -- Authorization API

Tilghman Lesher tilghman at mail.jeffandtilghman.com
Tue Oct 14 15:33:04 CDT 2008

On Tuesday 14 October 2008 11:25:09 Brian Degenhardt wrote:
> Russell Bryant wrote:
> > Johansson Olle E wrote:
> >> The fact that Russell, who's the current maintainer of Asterisk, votes
> >> for taking authorization out of the
> >> picture is very disappointing to me.
> >
> > I do not vote for taking it out of the picture.  I am simply in
> > agreement with the things that Brian, Tim and now Kevin have been
> > saying, which is that we should allow the framework to handle policy
> > decisions.
> The hooks component from the PineMango diagram is a great way to do this
> too.  The hooks don't even have to be really security-related.  Imagine
> that asterisk executed a hook every time the following things happened:
> * SIP registration
> * Codec negotiation
> * res_features transfer
> * Barge/Whisper/Spy toggle
> * External MWI Event/NOTIFY
> If my app controlling Asterisk is asked, via a hook, each time these
> things happen, I can then impose my external business-rules governed
> security policy.  Maybe the user hasn't paid for MWI service, or perhaps
> they are only allowed to Barge on certain callers.  Possibly they can
> only register phones on nights and weekends.
> I don't need a mechanism to define these policies in the core.  I
> desperately need a mechanism to control these things from outside of
> Asterisk.

The hooks, alone, aren't a good way, either.  Consider two companies on the
same machine.  A hook as the entire implementation of an authorization
model would allow Company A to prohibit any activity that Company B wants
to do that requires a hook, simply by denying all activity that it does not


More information about the asterisk-dev mailing list