Common Policy, see http://www.ietf.org/rfc/rfc4745.txt, is a XML-based format for expressing privacy preferences. In order to be used it needs to be extended for a specific application usage. One such application using the Common Policy framework is for presence authorization (see http://tools.ietf.org/wg/simple/draft-ietf-simple-presence-rules/). A further example is location-based authorization policies (see Geolocation Policy described in http://tools.ietf.org/wg/geopriv/draft-ietf-geopriv-policy/).
Let us consider a presence authorization example to describe its usage. The watcher is allowed to access presence information (the ‘allow’ value for <sub-handling>). They will be granted access to all services whose contact URI schemes are sip and mailto. Person information is also provided. However, since there is no <provide-devices>, no device information will be given to the watcher. Within the service and person information provided to the watcher, the <activities> element will be shown, as will the <user-input> element. However, any “idle-threshold” and “since” attributes in the <user-input> element will be removed. Finally, the presence attribute <foo> will be shown to the watcher. Any other presence attributes will be removed.
<?xml version=”1.0″ encoding=”UTF-8″?>