You do realize you are describing everything that Corraleta can do.....but of course it's Java so you aren't interested.
For anyone else on the list feel free to call to request the SDK install guide. Regards, Dean Collins [EMAIL PROTECTED] +1-212-203-4357 Ph <http://click.mexuar.com/webuser/click/7/userurl/Cognation> <http://click.mexuar.com/webuser/nojs/7/userurl/Cognation> -------------------------------------------------------------------- www.Mexuar.com <http://www.mexuar.com/> Want to voice enable your website? Use Corraleta to reach your customers in 10 seconds or less. > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:asterisk-users- > [EMAIL PROTECTED] On Behalf Of Salvatore Giudice > Sent: Saturday, 21 April 2007 1:46 AM > To: 'Asterisk Users Mailing List - Non-Commercial Discussion' > Subject: RE: [asterisk-users] Softphone that supports central provisioning? > > > A complete provisioning system for soft phones could impart some of the same > authentication models used for popular IM clients. Imagine a large > enterprise who wants to give out several thousand soft phones to employees > in a turnkey fashion requiring the employee's network credentials to > authenticate at the start of each session. Generally, it is not acceptable > to use employee credentials to perform SIP digest authentication. Employee > credentials are meant for employees, not devices or software that sets up a > session on behalf of an employee. > > The solution to this kind of setup is to use a soft phone that can be > downloaded on demand and presents the employee with a simple > username/password/domain login box. In one such system that I worked on, the > client would take the credentials from the employee and authenticate via > HTTPS to a simple CGI script that authenticates the credentials against an > Active Directory setup. Once the employee is authenticated, the CGI script > sets a temporary password in a database that is accessible by a radius > server and sends back all the provisioning information including the > employee's office number and the temporary session password via XML in the > HTTPS POST response. The client then logs into the SIP service using the > session credentials. > > The employee is required to re-authenticate at the start of each soft phone > session or after a timed interval when the temporary session password is > expired from radius. > > The advantages to this kind of setup are: > 1.) you don't have employee credentials stored in soft phones > 2.) you avoid locking out employee credentials when policy-based password > changes are required because of rapid authentication failures from a SIP > device with stored credentials > 3.) no SIP service credentials are stored in the soft phones > 4.) in the event that the temporary session password is stolen from a soft > phone installation, it is only good for a short period of time usually > limited to 12 hours > 5.) HTTPS is a significantly better provisioning method than TFTP (cough > Cisco...) because it is encrypted and you have the opportunity to validate a > cert from the provisioning server to ensure that the soft phone client is > talking directly to the provisioning server. Man in the middle attacks suck. > 6.) it's a lot easier to change provisioning information for all clients > without requiring employees to download a new soft phone with hardcoded > settings or trying to get employees to implement changes on their phones > manually. For the same reason, it reduces initial setup complexity and also > eliminates the bulk of setup related support calls > > We have put together implementations of this kind of system before for > clients. Usually, this kind of scenario is not something we discuss outside > our training classes or at conventions. Generally, this kind of system is > commonly requested by enterprise and government customers when they seek to > extend their phone system to employees for road warrior, pandemic, disaster > recovery, or occasional work at home scenarios. > > > > -------------------------------------------------- > Salvatore Giudice > [EMAIL PROTECTED] > > VoIP Security Training, LLC > http://VoIPSecurityTraining.com > > 848 N. Rainbow Blvd. #1676 > Las Vegas, NV 89107 > Phone: (702) 979-2906 > Fax: (212) 279-2906 > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Tzafrir Cohen > Sent: Friday, April 20, 2007 9:01 PM > To: asterisk-users@lists.digium.com > Subject: Re: [asterisk-users] Softphone that supports central provisioning? > > On Fri, Apr 20, 2007 at 11:48:20AM -0400, James FitzGibbon wrote: > > Has anyone found a softphone that supports pulling it's configuration from > a > > central server via TFTP/FTP/HTTP, much like hard desk phones use? > > Why would you want to do that? > > There are well-known and established tools to "provision" (centrally > configure) software running on computers in a entwork. Why should the > soft phones be configured any differently? > > What OS do you use on the desktops? > > -- > Tzafrir Cohen > icq#16849755 jabber:[EMAIL PROTECTED] > +972-50-7952406 mailto:[EMAIL PROTECTED] > http://www.xorcom.com iax:[EMAIL PROTECTED]/tzafrir > _______________________________________________ > --Bandwidth and Colocation provided by Easynews.com -- > > asterisk-users mailing list > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-users > > > _______________________________________________ > --Bandwidth and Colocation provided by Easynews.com -- > > asterisk-users mailing list > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-users
image001.gif
Description: image001.gif
_______________________________________________ --Bandwidth and Colocation provided by Easynews.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
