datatracker.ietf.org
Sign in
Version 5.3.0, 2014-04-12
Report a bug

Common Policy: A Document Format for Expressing Privacy Preferences
RFC 4745

Network Working Group                                     H. Schulzrinne
Request for Comments: 4745                                   Columbia U.
Category: Standards Track                                  H. Tschofenig
                                           Siemens Networks GmbH & Co KG
                                                               J. Morris
                                                                     CDT
                                                              J. Cuellar
                                                                 Siemens
                                                                 J. Polk
                                                            J. Rosenberg
                                                                   Cisco
                                                           February 2007

  Common Policy: A Document Format for Expressing Privacy Preferences

Status of This Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The IETF Trust (2007).

Abstract

   This document defines a framework for authorization policies
   controlling access to application-specific data.  This framework
   combines common location- and presence-specific authorization
   aspects.  An XML schema specifies the language in which common policy
   rules are represented.  The common policy framework can be extended
   to other application domains.

Schulzrinne, et al.         Standards Track                     [Page 1]
RFC 4745                     Common Policy                 February 2007

Table of Contents

   1. Introduction ....................................................3
   2. Terminology .....................................................4
   3. Modes of Operation ..............................................4
      3.1. Passive Request-Response - PS as Server (Responder) ........5
      3.2. Active Request-Response - PS as Client (Initiator) .........5
      3.3. Event Notification .........................................5
   4. Goals and Assumptions ...........................................6
   5. Non-Goals .......................................................7
   6. Basic Data Model and Processing .................................8
      6.1. Identification of Rules ....................................9
      6.2. Extensions .................................................9
   7. Conditions .....................................................10
      7.1. Identity Condition ........................................10
           7.1.1. Overview ...........................................10
           7.1.2. Matching One Entity ................................11
           7.1.3. Matching Multiple Entities .........................11
      7.2. Single Entity .............................................14
      7.3. Sphere ....................................................15
      7.4. Validity ..................................................16
   8. Actions ........................................................17
   9. Transformations ................................................18
   10. Procedure for Combining Permissions ...........................18
      10.1. Introduction .............................................18
      10.2. Combining Rules (CRs) ....................................18
      10.3. Example ..................................................19
   11. Meta Policies .................................................21
   12. Example .......................................................21
   13. XML Schema Definition .........................................22
   14. Security Considerations .......................................25
   15. IANA Considerations ...........................................25
      15.1. Common Policy Namespace Registration .....................25
      15.2. Content-type Registration for
            'application/auth-policy+xml' ............................26
      15.3. Common Policy Schema Registration ........................27
   16. References ....................................................27
      16.1. Normative References .....................................27
      16.2. Informative References ...................................28
   Appendix A. Contributors ..........................................29
   Appendix B. Acknowledgments .......................................29

Schulzrinne, et al.         Standards Track                     [Page 2]

[include full document text]