[asterisk-dev] AstriDevCon - PineMango

Brian Degenhardt bmd at digium.com
Thu Oct 9 11:20:40 CDT 2008


Johansson Olle E wrote:
> On 8 Oct 2008 at 23:20, Nir Simionovich wrote:
> 
>> That diagram is not 100% correct.  For example, we nixed the
>> authentication layer since it is such a large undertaking for the
>> limited gain it would provide
> 
> That's a very interesting statement in regards to security...
> 
> The authorization layer is very much needed if we're going to open up  
> the core this way.
> 
> Authentication is a different thing, but needs to be taken care of too.

To clarify, we're talking about fine-grained auth here, not the yes/no
type in a password to use the API socket.  We currently don't
authenticate AGI scripts, CLI commands, dialplan scripts, and manager's
security model is a joke.

Meanwhile, to properly do the security we're talking about would involve
passing ownership credentials around in every ast_chan structure, every
event, every *_pvt and peer structure, as well as every dialplan switch.

Finally, both Jay Phillips and I agree that the auth mechanism can be
implemented at the framework layer.  Take a look at Switchvox's
fine-grained permissions structures as an example of auth done higher up
the stack:

http://www.switchvox.com/sv?cmd=screenshots&pic=3

While it would be nice to be able to partition an Asterisk instance into
two halves that cannot access each other:
a) we can't do that now, but we seem to manage.
b) the development effort is massive.
c) running Asterisk in virtualization or just running two processes is
almost just as good.
d) two of the largest proponents of this API effort don't need it

This whole auth thing is a good idea.  It's definitely worth keeping in
mind.  However, to demand that it MUST be implemented in our first stab
at giving Asterisk a usable programming API risks bloating the scope of
the project to the point that it would never get done.

cheers
-bmd





