Abstract It is important to know the presence of other concurrently online users before real-time communication can be established with them. While many instant messaging (IM) systems are available, there is no standard protocol for online presence notification due to the proprietary nature of such systems. These systems generally have many security weaknesses such as anonymous messaging, message spoofing, account hijacking and authorization overriding because they depend heavily on client-side operations. This paper proposes an open protocol for online presence notification that also provides negotiation support for real-time communication services. The open nature of the protocol promotes interoperability, but demands higher levels of security than proprietary ones. The separation of instant messaging from online presence notification also distinguishes this open protocol from others. Furthermore, a relatively secure presence notification system based on the proposed protocol has been implemented with its performance evaluated.