Scott wrote: > If the resource list server isn't going to do the > enforcement, then the protection is more apparent than > real... not sure I'd go there...
sipXecs RLS already does enforce, in that the user without the permission will not have a resource list to subscribe to. What we should not do is have sipXproxy examine SUBSCRIBEs addressed directly to user AORs, and selectively block them based on the event package type. The "Subscribe to presence" permission should apply only to sipXecs RLS facilities. i.e. It does not apply to requests addressed directly addresses to user AORs. If the request can be authenticated with valid user credentials, then we'll proxy it. When the user has network access to the other user's phone, sipXproxy could not possibly prevent a direct SUBSCRIBE anyway. -Paul [email protected] _______________________________________________ sipx-dev mailing list [email protected] List Archive: http://list.sipfoundry.org/archive/sipx-dev Unsubscribe: http://list.sipfoundry.org/mailman/listinfo/sipx-dev sipXecs IP PBX -- http://www.sipfoundry.org/
