6 Privacy

22.1413GPPPresence serviceStage 1TS

6.1 General privacy requirements

The privacy aspect of presence information and the need for authorisation before providing presence information shall be configurable by the user (i.e. presentity).

The following privacy requirements shall be supported:-

– principal’s privacy

a principal of a presentity shall, at any time, be able to control to whom, for how long and what (all or part of) presence information of the presentity is provided, and a principal of a watcher shall, at any time, be able to control to whom, for how long and what (all or part of) watcher information of the watcher is provided

Note: need to consider where subscriber’s privacy (as distinct from principal’s privacy) requires to be addressed.

Any services using the presence information shall ensure privacy agreement before releasing presence information. The presence service does not address deployment specific issues (e.g. where agreements are stored or how they are negotiated). It only gives requirements for privacy management.

Specific local, national, and regional privacy regulations shall be complied with. In particular, an operator shall, at any time, be able to override principal’s privacy if required to do so.

6.2 Access rules

The principal that controls the presentity shall be able to define access rules, in order to control how the presentity’s presence information is made available for watchers.

These access rules shall define:

– a watcher or groups of watchers allowed access to the presentity’s presence information. For example: watchers x and y are allowed, or only watchers in group z are allowed, or all watchers and groups are allowed.

– the validity of the access authorisation granted for a given watcher or groups of watchers. The access to the presentity’s presence information can be restricted for a certain period (i.e. duration or number of requests), or during specific periods of the day.

– the attributes of the presentity’s presence information that can be made available to a given watcher or groups of watchers.

– the ability to provide different presence information (i.e. both number of attributes and values of attributes) based on the watcher, and principal’s preferences (e.g. its availability). For example: watcher x receives ‘Online/Instant Messaging/im:a@there.com’, while group y receives ‘Offline/Instant Messaging/im:a@there.com’.

A set of default access rules shall be defined by the principal.