[please don't top post on this list] Dave Deutschman wrote: > Controlling who has access to a users presence does need to be controlled. > Todd is correct that executives do not want staff to be able to monitor > their presence.
I did not think about the presence... I still would like to have the ability to add speed dial for my boss even if I cannot monitor her presence. So maybe we can just restrict "monitoring" aspect of speed dials. > > The CounterPath soft phones utilizing their peer-to-peer presence issue a > request to the target party to authorize the request to monitor their > presence. This is not practical with hard phones. > > Other applications utilize a while list / black list concept to authorize > functions such as this. If users could create an list in their User portal > of the extensions that are authorized to monitor presence, the Config UI > could verify authorization when a speed dial entry added with Subscribe to > presence checked. > > This also removes the need for an Admin to get involved. That makes more sense to me. We could have "let people to see my status" config on a user and group level. And we can improve upon it by letting people to specify who exactly is entitled to seeing the status (again by allowing people to list groups or users individually). > > -----Original Message----- > From: [email protected] > [mailto:[email protected]] On Behalf Of Todd Hodgen > Sent: Tuesday, November 17, 2009 9:24 AM > To: 'Damian Krzeminski'; [email protected] > Subject: Re: [sipX-dev] Improvement request to enable/disable speed dial > permission from admin for users > > It does make sense that an Administrator should be able to control if > presence information is available about particular users. As an example, > you don't necessarily want staff of a company being able to add presence on > their phone for the executives in the company, without proper authority. > Since this is controlled in speed dial, the administrator would need to have > the ability to control this on a per user basis. > > I can see some liability to having presence available to anyone and > everyone, and potentials for abuse if the administrator doesn't have the > ability to control it. > [...] I do think this is pushing on configuration some enforcement that should be in the system. Just because sipXconfig won't let people to configure something does not mean that people won't be able to monitor others' call status. I am just weary of any signs of security by obscurity. D. _______________________________________________ sipx-dev mailing list [email protected] List Archive: http://list.sipfoundry.org/archive/sipx-dev Unsubscribe: http://list.sipfoundry.org/mailman/listinfo/sipx-dev sipXecs IP PBX -- http://www.sipfoundry.org/
