Woof! On Thu, Oct 21, 2010 at 8:08 PM, Douglas Hubler <[email protected]> wrote: (In the document)
> Applications can then relax their authentication to allow all traffic from > localhost and disallow everything else Yes, exactly what sipXivr already does now, and for those exact reasons. Forcing every internal REST service to authorize, and also to expend the CPU overhead for SSL encryption per service just makes no sense. I'm glad to see a bigger picture view being taken here. I applaud the effort. Add fixed VPN's between boxes (so even box-box request need not be SSL handshaked and encrypted) and a globally accepted certificate authorized user (like superadmin on steroids) so authorized third party systems can configure and control the system AND individual accounts without requiring users to share their passwords, and this will be a very nice architecture with which to grow. --Woof! _______________________________________________ sipx-dev mailing list [email protected] List Archive: http://list.sipfoundry.org/archive/sipx-dev/
