Office Communications Server 2007 R2 has the potential to disclose information over a public network that might be able to be linked to an individual. The information types can be broken down to two specific categories:
- Enhanced presence data
- Mandatory data
Enhanced presence data is information that a user can choose to share or not share over a link to a federated partner or with contacts within an organization. This data is not shared with users on a public IM network. Group policy and client configuration may put some control with the system administrator. Mandatory data is data that is required for the proper operation of the server or the client and is NOT under the control o f the client or system administration. This is information that is necessary at a server or network level for the purposes of routing, state maintenance, and signaling.
The following tables list the data that is exposed.
Table 1. Discretionary Data
| Data disclosed | Possible settings |
|---|---|
|
Personal Data |
Name, Title, Company, E-mail address, Time zone |
|
Telephone Numbers |
Work, Mobile, Home |
|
Calendar Information |
Free/Busy, Out-of-town notice, meeting details (to those who have access to your calendar) |
|
Presence Status |
Away, Available, Busy, Do Not Disturb, Offline |
Table 2. Mandatory Data
| Data disclosed | Example information |
|---|---|
|
IP Address |
Actual address of computer or NATed address |
|
SIP URI |
jeremylos@litwareinc.com |
|
Name |
Jeremy Los (as defined in Active Directory Domain Services) |