3.7.5.1 Setting ACEs for a Contact
Adding a contact is usually accompanied by a setACE operation to allow that contact to view user presence and communicate with the user.
This is done by using an ACL that is associated with each user object stored in the server database. The ACL is composed of access control entries (ACEs), which are two character strings that encode the permissions attributed to a certain URI relative to a given user. The From URI for an SIP INVITE request or a SIP SUBSCRIBE request is compared against the ACL for the user in the To header to determine whether or not the request is to be allowed. This comparison occurs in two different places. The server MUST enforce the presence (SUBSCRIBE) portion of the ACE. The client MUST enforce the session initiation (INVITE) portion of the ACE. Finally, note that the ACE comparison can take one of three forms: it can apply to all URIs, it can apply to a specific SIP URI, or it can apply to a specific SIP domain.