The Session Initiation Protocol (SIP) is a protocol for creating, modifying, and terminating computer network-based communication sessions, such as for an Internet-based telephone call between two or more participants. Since its introduction, numerous enhancements to SIP have been proposed, including the SIP Instant Messaging and Presence Leveraging Extensions (SIMPLE) framework, in which one or more network entities, such as computer users, create subscriptions on a server, known as a “presence” server, to receive presence information regarding another network entity, referred to as a “presentity.” When a change in the presentity's presence information is detected, such as when the presentity “publishes” such a change to the presence server, SIP is used to send a notification to the subscribers regarding the change.
Another enhancement allows for authorization rules to be created to enable presence servers to determine whether subscribers to a presentity's presence information, referred to as “watchers,” are permitted to receive such information, and, if so, what aspects of the presentity's presence information they may receive. The authorization rules for a presentity, such as are defined in RFC 4745 and draft-ietf-simple-presence-rules-10 of the Internet Engineering Task Force (IETF), typically include a <ruleset> element that may contain multiple <rule> elements. Each <rule> may have one or more <conditions>, <actions>, and <transformations> elements. A <conditions> element defines conditions that need to be met before the remaining parts of a rule are executed, such as conditions based on the identity of the subscriber. The <actions> element indicates whether the subscription should be allowed or blocked. The <transformations> element specifies operations that the presence server must execute to modify the presence document that is returned to the subscriber. For example, the <transformations> element may include specific permission elements that define what presence attributes may be provided to the subscriber.
The evaluation of authorization rules typically involves the following steps:
Retrieving the authorization rules of the subscribed presentity, such as from an XML Document Management Server (XDMS) where the authorization rules are stored as an XML document;
Parsing the authorization rules;
Evaluating the <conditions> of each rule to determine if the rule applies to the subscription request;
Determining the <action> to be taken where a rule applies to the subscription. If more than one rule applies to the subscriber, determining a combined action to be taken;
Evaluating the <transformations> indicated by each applicable rule. If more than one rule is applicable, determining a combined transformation;
Filtering the presence information of the subscribed presentity according to the applicable transformation/combined transformations.
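The steps listed above, from parsing through filtering, can be sketched as follows. This is an added example, not code from the original document: the ruleset, the URIs, the function names and the flat dictionary standing in for a presence document are constructed, and retrieval from the XDMS is replaced by an embedded string. It assumes the <sub-handling> ordering and the boolean provide-* permissions of RFC 5025 (the published form of the presence-rules draft), handles identity conditions only, and treats every other case as not matching.

```python
import xml.etree.ElementTree as ET

NS = {"cp": "urn:ietf:params:xml:ns:common-policy", "pr": "urn:ietf:params:xml:ns:pres-rules"}
# RFC 5025 <sub-handling> values; the combined action is the highest-ranked one.
RANK = {"block": 0, "confirm": 10, "polite-block": 20, "allow": 30}
# Constructed sample ruleset; all URIs are made up for this example.
RULESET = """<cp:ruleset xmlns:cp="urn:ietf:params:xml:ns:common-policy"
    xmlns:pr="urn:ietf:params:xml:ns:pres-rules">
 <cp:rule id="friend">
  <cp:conditions><cp:identity><cp:one id="sip:bob@example.com"/></cp:identity></cp:conditions>
  <cp:actions><pr:sub-handling>allow</pr:sub-handling></cp:actions>
  <cp:transformations><pr:provide-activities>true</pr:provide-activities></cp:transformations>
 </cp:rule>
 <cp:rule id="domain">
  <cp:conditions><cp:identity><cp:many domain="example.com">
    <cp:except id="sip:eve@example.com"/></cp:many></cp:identity></cp:conditions>
  <cp:actions><pr:sub-handling>confirm</pr:sub-handling></cp:actions>
  <cp:transformations><pr:provide-mood>true</pr:provide-mood></cp:transformations>
 </cp:rule>
</cp:ruleset>"""

def rule_applies(rule, watcher):
    """Step 3, identity conditions only; anything else fails closed."""
    ident = rule.find("cp:conditions/cp:identity", NS)
    if ident is None:
        return False
    if any(o.get("id") == watcher for o in ident.findall("cp:one", NS)):
        return True
    for many in ident.findall("cp:many", NS):
        excluded = {e.get("id") for e in many.findall("cp:except", NS)}
        if many.get("domain") in (None, watcher.rpartition("@")[2]) and watcher not in excluded:
            return True
    return False

def evaluate(ruleset_xml, watcher):
    """Steps 2-5: parse, match, combine actions and transformations."""
    action, provided = "block", set()  # no applicable rule means block, nothing provided
    for rule in ET.fromstring(ruleset_xml).findall("cp:rule", NS):
        if not rule_applies(rule, watcher):
            continue
        sub = (rule.findtext("cp:actions/pr:sub-handling", "block", NS) or "block").strip()
        action = max(action, sub, key=lambda a: RANK.get(a, 0))
        for t in rule.findall("cp:transformations/*", NS):
            if (t.text or "").strip() == "true":  # boolean permissions combine by OR
                provided.add(t.tag.split("}")[1])
    return action, provided

def filter_presence(presence, provided):
    """Step 6: keep only attributes whose provide-<name> permission was granted."""
    return {k: v for k, v in presence.items() if "provide-" + k in provided}
```

A watcher matched by both rules receives the stronger action and the union of the granted attributes, while a watcher matched by no rule is blocked and receives nothing.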
A presence server typically evaluates the authorization rules when a request to create, renew, or cancel a subscription is received, as well as before sending any notification to a subscriber, such as when there is a change in the presence information of the subscribed resource. These steps involve resource-heavy tasks, such as database access, communication with another server, XML parsing, and XML manipulation. The evaluation of authorization rules is therefore a major bottleneck for a presence server, reducing the number of subscriptions a single server can handle and increasing response latency. Systems and/or methods for more efficient application of authorization rules would therefore be advantageous.