2.2.3 application/vnd-microsoft-roaming-acls+xml Document Format

Session Initiation Protocol Extensions support retrieving the ACL from the server in the form of an XML document. The ACL document contains a list of access control entries (ACEs). An ACE is a set of three attributes:

Type: Type defines what the ACE applies to. A type value of ALL indicates that the ACE applies to all users. A type value of DOMAIN indicates that the ACE applies to all users on a domain. The domain is specified by the mask field. For example, if type is DOMAIN, and mask is "contoso.com", the ACE applies to "sip:user1@sip.contoso.com" and "sip:user@contoso.com" but not to "sip:user3@example.com". A type value of USER implies that the ACE applies to a specific user specified by the mask field.

Mask: A user URI or DNS domain to which the ACE applies.

Rights: The rights associated with this ACE. This is represented as a list of characters. Each position in the list represents a right. The character in that position represents the value of that right. Four values are defined.

Value   Right
A       Allow
D       Deny
P       Prompt
B       Block (Polite blocking)

Session Initiation Protocol Extensions uses two characters for the Rights field. The first one specifies the right to view the presence of a user, and the second one defines the right to communicate with a user. The client MUST enforce the right to communicate. The server MUST enforce the right to view presence information.

An example NOTIFY message for the roaming ACL data follows.

 <ACLlist deltaNum="282" >
  <userACL>
   <ace type="USER" mask="sip:user2@machine2.example.com" rights="AA"/>
   <ace type="USER" mask="sip:user3@machine2.example.com" rights="BA"/>
   <ace type="USER" mask="sip:user4@machine2.example.com" rights="PA"/>
   <ace type="USER" mask="sip:user5@machine2.example.com" rights="AA"/>
   <ace type="USER" mask="sip:user6@machine2.example.com" rights="AA"/> 
  </userACL>
 </ACLlist>

Note: The deltaNum attribute in the ACLlist element is a monotonically increasing sequence number provided by the server that the client uses to ensure that its local copy is in sync with the server. The initial value MUST be nonzero and is generally one.
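The following is an added example, not code from the specification, showing how a client might parse an ACLlist document and resolve the two-character rights for a given URI; it validates the deltaNum rule and rights alphabet above, matches DOMAIN masks on a label boundary so that "contoso.com" covers "sip.contoso.com" but not "notcontoso.com", and assumes (the page does not state a precedence) that the most specific matching ACE wins, USER over DOMAIN over ALL.

```python
import xml.etree.ElementTree as ET
RIGHTS = {"A": "Allow", "D": "Deny", "P": "Prompt", "B": "Block"}
PRECEDENCE = {"ALL": 0, "DOMAIN": 1, "USER": 2}  # assumed precedence, most specific wins

# Constructed sample document in the shape of the NOTIFY body above.
SAMPLE_ACL = """<ACLlist deltaNum="282">
 <userACL>
  <ace type="ALL" mask="" rights="PP"/>
  <ace type="DOMAIN" mask="contoso.com" rights="AA"/>
  <ace type="USER" mask="sip:user3@machine2.example.com" rights="BA"/>
 </userACL>
</ACLlist>"""

def parse_acl(xml_text):
    """Return (deltaNum, [(type, mask, rights), ...]), rejecting malformed entries."""
    root = ET.fromstring(xml_text)
    delta = int(root.get("deltaNum", "0"))
    if delta <= 0:
        raise ValueError("deltaNum MUST be nonzero")
    aces = []
    for ace in root.iter("ace"):
        typ, mask, rights = ace.get("type", ""), ace.get("mask", ""), ace.get("rights", "")
        if typ not in PRECEDENCE or len(rights) != 2 or any(r not in RIGHTS for r in rights):
            raise ValueError("malformed ACE: type=%r mask=%r rights=%r" % (typ, mask, rights))
        aces.append((typ, mask.lower(), rights))
    return delta, aces

def host_of(uri):
    """Host part of a sip: URI, without scheme, user part or URI parameters."""
    bare = uri.lower()[4:] if uri.lower().startswith("sip:") else uri.lower()
    return bare.rsplit("@", 1)[-1].split(";", 1)[0]

def ace_matches(typ, mask, uri):
    if typ == "ALL":
        return True
    if typ == "USER":
        return uri.lower() == mask
    # DOMAIN: the domain or any subdomain, on a label boundary ("contoso.com" covers
    # "sip.contoso.com" but not "notcontoso.com").
    host = host_of(uri)
    return host == mask or host.endswith("." + mask)

def effective_rights(aces, uri):
    """Map uri to {'view_presence': ..., 'communicate': ...}, or None if no ACE matches.
    Assumption (not stated on the page): the most specific ACE wins, USER > DOMAIN > ALL."""
    best = None
    for typ, mask, rights in aces:
        if ace_matches(typ, mask, uri) and (best is None or PRECEDENCE[typ] > PRECEDENCE[best[0]]):
            best = (typ, rights)
    return None if best is None else {"view_presence": RIGHTS[best[1][0]], "communicate": RIGHTS[best[1][1]]}
```

The first character of the resolved rights is the one the server enforces (view presence) and the second is the one the client enforces (communicate), as described in the text above.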