Asterisk SCF - A Developer Focused Open Source Communications Platform
Recently I had the pleasure of attending my first FOSDEM, FOSDEM 2011. It was an intense weekend of open source presentations and conversations, and was quite enjoyable (although exhausting). Of course, it doesn't hurt that FOSDEM is held in Brussels, which has some of the best food I've ever had in Europe! (No, they aren't kidding about how good the frites are... you really do need to try them)
At this event I participated in the Open Source Telephony Dev Room, where I gave a presentation about the developer APIs we are building in Asterisk SCF. While it's still pretty early in the project's life, we've got a pretty good idea of how we want them to work, because we've had years of application/system developers telling us what they really need from a communications platform. Just before FOSDEM, the Asterisk SCF development team agreed on what the very first Extension Point that we'd build was going to be: SIP authentication. In Asterisk SCF, an Extension Point is a place where a developer can 'hook' their own code to modify/influence the behavior of another component, without having to look at that component's source code (or modify it, as is usually the case). In most cases, they will be places where a component has to make a decision about how to proceed while handling a request, but the decision necessarily involves some sort of policy to be defined. In most applications, the policy is usually defined by a set of (possibly quite complex) configuration options, which a system administrator can set (hopefully) to tell the system exactly how they wish it to behave.
For relatively simple systems, this mechanism works fairly well, but as we've learned with Asterisk over the 11+ years it has existed, these systems are rarely simple, and can in fact get quite complex. If a particular system requires a much more complex policy decision, especially if that policy involves consulting databases, web services or some other form of information request, then it is likely that platform won't have the right kind of configuration 'knobs' built in... and the administrator/developer will have no choice but to either modify their policy, modify the software, or both.
Enter the Extension Point: a developer interface designed specifically to allow for this sort of requirement to be satisfied. In this case, the Asterisk SCF SIP components will provide all the mechanisms required to implement authentication of incoming requests, but they won't provide anything but the most basic mechanisms to decide whether authentication of a particular request should be required. These basic mechanisms will suffice for very simple networks, but they won't support dynamic or complex decision making.
Instead, an Asterisk SCF system administrator or application developer can deploy a small 'hook' component, one which will receive notification that a SIP request has arrived, along with all its gory details, and it can then tell the requesting SIP component whether that request should be accepted as-is, or if authentication should be requested, or if the component defers to make a decision (allowing another, lower priority, component the chance to decide).
Because Asterisk SCF uses Ice from ZeroC for all its communications between components, this 'hook' component can be written in a variety of languages, including (at least) C++, C#, Java and Python. This means that a hook component developer can use a language they are familiar with, and that gives them easy access to the resources they need to make their policy decisions... they don't have to learn a new language, they aren't forced to use complex or obscure mechanisms to request information from databases or web services, and they can deploy these components on platforms they are comfortable with (including Microsoft Windows!).
The FOSDEM presentation goes over these basic concepts, and then walks the reader through how the SIP Authentication Extension Point interface is designed. In addition to the presentation, I showed the audience two example 'hook' components, in Python and Java. The presentation and sample code links are in the box below; if you are a communications application developer (or even just a system administrator looking for more powerful mechanisms), take a look. We hope you like what you see there... because there's a lot more where that came from!