Presence Access Control

  • Article

RTC 1.2 also offers the ability to use access control lists (ACLs) for refined management of incoming Watcher SUBSCRIBE requests. In RTC 1.0, an ACL directly corresponded to a Watcher object; this aspect is perpetuated in RTC for backwards compatibility, and can still be implemented through the traditional IRTCClientPresence::AddWatcher method.

However, the RTC 1.2 implementation adds more overall control by specifying three types of user-controlled Watchers as follows:

  • User Watcher (RTCAS_SCOPE_USER). This Watcher observes a specific SIP URI, and notifies the client of presence changes. For example, the user can watch a specific URI such as toymaker@wingtiptoys.com.
  • Domain Watcher (RTCAS_SCOPE_DOMAIN). This new Watcher type monitors a range of SIP URIs within a specific domain, and notifies the client when any one member incurs a presence change. For example, the Watcher may observe all users in the domain wingtiptoys.com.
  • All Watcher (RTCAS_SCOPE_ALL). This Watcher monitors both specific users within a domain as well as specific user groups in the domain.

The access control entries (ACEs) that make up an ACL can now be applied at the domain level to allow/block users from a particular domain. To add a new Watcher with a specific ACL, call the IRTCClientPresence2::AddWatcherEx method with a value from the RTC_ACE_SCOPE enumeration. A Watcher declared with a scope of RTCAS_SCOPE_DOMAIN and a URI of "wingtiptoys.com" will observe all active SIP URIs within that domain.

When searching available Watchers, the method IRTCClientPresence2::get_WatcherEx returns the Watcher profile that matches a URI, with two levels of match quality: RTCWMM_EXACT_MATCH, which finds a Watcher whose URI exactly matches the supplied one; and RTCWMM_BEST_ACE_MATCH, which will default to an available domain ACE if an identical URI match in that domain is not found. For an example of the latter case, if the requested URI is "toymaker@wingtiptoys.com" and there is no Watcher available for it, the next best ACE match will be "wingtiptoys.com" (assuming "wingtiptoys.com" has a Watcher associated with the domain).