[Asterisk-Users] New Asterisk bounty: SIP simultaneous

Sunrise Ltd stsltdtyo at yahoo.co.jp
Tue Jul 13 23:55:56 MST 2004


Olle E. Johansson wrote:

>Agreed. I wasn't clear enough. Asterisk have users in many
>places, but no centralized view of a "user".

Agreed.

>I haven't said that parallel forking is my recommended
>way of doing this.

Fair enough.

>I've stated several times that it doesn't
>really comply with the architecture of Asterisk, unless
>done in an Asterisk-architecture friendly way :-)
>And adding it will not solve the user dilemma, as you
>say.

The trouble is that some folks, the ones who only got a
hammer, ignored that part of your comments, possibly even
on purpose.

I am concerned about the danger of introducing features
into Asterisk which water down its philosophy. If features
are to be added it should be for the right reasons, not
for the wrong ones.


>> Not if you give them a means to provision it themselves.
>> This can be as easy as an extension that asks for a PIN
>> number and then executes a shell script.
>
>Right. Please send samples of this so we can add it to the Wiki!

The account provisioning scripts I have done so far are
called either from some GUI interface or they are executed
on the command line. I haven't used them for self
provisioning yet but I know that it would be fairly easy
to "misappropriate" them for that purpose.

When I get the time, I will add a bit of "end user glue"
and post an example.

>That's where we should go. [peer]s and [user]s being devices
>(IMEI) and a new user architecture representing the IMSI.
>We have accountcode now. It's not enough.

It may well be worth while implementing (parts of) the GSM
IMSI specification into Asterisk. Combined with support
for SIM card readers this would make it possible to use
standard SIM cards to sign on to an Asterisk driven
network.

Without the SIM card the devices could still log on to
Asterisk, but they would be placed in a restricted
context. Then, when a SIM card is inserted and
authenticated, the account will be attached to the device
and it will then be placed in the context associated with
that user.

Of course there could be alternative methods for user
authentication in addition to SIM cards. Still I think it
would make sense to use the GSM specification *where
applicable* instead of creating yet another format.

The authentication algorithm would have to be replaced
with RSA or something though, because the GSM A5 algorithm
is secret and available only to licensed GSM operators who
joined the GSM Association. Rather silly that those folks
still seem to believe in secret authentication algorithms,
eh?!

But apart from that pesky A5 thing, the way GSM
authenticates users is pretty well designed. You have got
the handset which can access the network even without a
SIM but then only emergency services are authorised. If a
SIM card is present, a request to authenticate will be
sent to the user's network's HLR (Home Location Registry)
from where the SIM card will then be authenticated. Once
this was successful, a temporary entry is created in the
VLR (Visited Location Registry) that serves the spot in
which the user happens to be. This entry then determines
which services the user is authorised to use, voice,
messaging, data, value added etc.

If you are interested to look into this a bit further and
if only for inspiration, but haven't got access to the
documentation, I have the entire ETSI GSM standard
documentation on CD. So, if you want to take a peek,
contact me by email at benjamin (at) sunrise (dash) tel
(dot) com.

rgds
benjk
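
The attach flow described in the message above (restricted context without a SIM, the user's context once the home registry has authenticated it), as an added example that is not part of the original post or of Asterisk. HMAC-SHA256 stands in for the authentication algorithm, and the class names, the `respond` callable and the context names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

RESTRICTED = "restricted"  # context for a device with no authenticated SIM

def sim_response(key, challenge):  # computed on the SIM; the key never leaves it
    return hmac.new(key, challenge, hashlib.sha256).digest()

class HomeRegistry:
    """HLR role: holds each subscriber's key and home context, keyed by IMSI."""
    def __init__(self, subscribers):
        self._subs = subscribers   # imsi -> (key, context)
        self._pending = {}         # (imei, imsi) -> outstanding challenge

    def challenge(self, imei, imsi):
        self._pending[(imei, imsi)] = secrets.token_bytes(16)
        return self._pending[(imei, imsi)]

    def verify(self, imei, imsi, response):
        # pop() makes every challenge single-use, so a captured response
        # cannot be replayed against the same device/subscriber pair.
        nonce = self._pending.pop((imei, imsi), None)
        sub = self._subs.get(imsi)
        if nonce is None or sub is None:
            return None
        key, context = sub
        ok = hmac.compare_digest(sim_response(key, nonce), response)
        return context if ok else None

class VisitedRegistry:
    """VLR role: temporary device (IMEI) to context entries."""
    def __init__(self, home):
        self._home = home
        self._entries = {}         # imei -> context granted by the home registry

    def context_for(self, imei):
        return self._entries.get(imei, RESTRICTED)

    def attach(self, imei, imsi, respond):
        # respond(challenge) is the SIM answering the home registry's challenge.
        nonce = self._home.challenge(imei, imsi)
        context = self._home.verify(imei, imsi, respond(nonce))
        self._entries.pop(imei, None)   # a failed attach falls back to restricted
        if context is not None:
            self._entries[imei] = context
        return self.context_for(imei)

    def detach(self, imei):             # SIM removed: drop the temporary entry
        self._entries.pop(imei, None)
```
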
