[asterisk-dev] Introduction to ASA - the Asterisk Security Architecture
Tim Panton
thp at westhawk.co.uk
Mon Oct 13 10:36:46 CDT 2008
On 13 Oct 2008, at 15:53, Johansson Olle E wrote:
>
> 13 okt 2008 kl. 16.27 skrev Tzafrir Cohen:
>
>> On Mon, Oct 13, 2008 at 02:12:39PM +0200, Johansson Olle E wrote:
>>> Friends,
>>> I've collected some notes and ideas and produced yet another PDF for
>>> you to look at, read and then discuss.
>>>
>>> http://edvina.net/asterisk/asa-intro.pdf
>>
>> So a channel has to have a single user and domain. And perhaps
>> multiple
>> groups.
>
>>
>>
>> The domain name is an arbitrary string. But meaningful for some
>> channel
>> drivers. VoIP channels may try to resolve it. Can you give an
>> example of
>> a place where knowing the domain helps?
> SIP.
> You want different contexts, codecs, service sets (transfer,
> subscriptions)
> for each domain.
>
>>
>>
>> What do we gain from the privileges model of multiple groups? Do you
>> actually mean that every group membership should translate to some
>> specific permission?
>
> Good question.
>
> In Astum, it was just a way to inherit properties, much like
> templates.
> This needs some thinking...
>
> Keep the comments coming!
> /O
>
I had a thought over the weekend - perhaps we need to step away from the
user/group/domain/ vs object -> yes/no model
In most cases there is a direct cost to an action, and the user has a
'budget'
Is there any merit in trying to model things that way?
So an anonymous incomming call might get a budget of Zero and therefore
only do things that cost Zero (or less).
Internal users get a Budget of (say $5) so can call anywhere (except
premium numbers).
Is that too mad ?
T.
More information about the asterisk-dev
mailing list