On Mon, 2009-12-21 at 13:26 -0500, Carolyn Beeton wrote: > So far our basic idea for where to associate peers using TLS with an > internal user id so that permissions can be applied to calls going > through sipXecs has been to add it in the ITSP configuration somewhere > (see some of the comments in > http://track.sipfoundry.org/browse/XX-6398). Although this would work > for calls coming through sipXbridge, it doesn't help with calls which > arrive at sipXproxy. So I thought a more general design would look > like this: > > new Trusted Peers menu item (maybe under Users?) > > contains list of trusted peers (FQDN/IPaddr), with Add Trusted Peer > button > > clicking on any trusted peer goes to Permissions page for the internal > user for that trusted peer, with the internal user appropriately > hidden from the user (maybe). > > clicking Apply or OK creates (if necessary) a new special internal > user id for that trusted peer (~~pi~<domain>) with the configured > permissions, and replicates the peeridentities.xml mapping file with > the trusted domain name and the internal user to be used for that > domain. > > Quick help for the page: "To allow calls from an authenticated peer to > use resources that require permissions, add the domain as a Trusted > Peer (specify FQDN or IP address) and configure the permissions for > it. The peer must use TLS to communicate to this system, and the > Certificate Authority used to sign certificates must be installed on > both systems." > > Quick links: Certificate Authorities > > Thoughts? Of course opinions on wording, etc welcome.
The organization sounds just right. I'm not that comfortable with the "Trusted" part of the label, though. "Trust" is a sweeping term... I'm concerned that someone might decide that they 'trust' their ITSP and add them... I'm not sure I have a better suggestion... "Peer Systems" ? _______________________________________________ sipx-dev mailing list [email protected] List Archive: http://list.sipfoundry.org/archive/sipx-dev Unsubscribe: http://list.sipfoundry.org/mailman/listinfo/sipx-dev sipXecs IP PBX -- http://www.sipfoundry.org/
