A security node controls access to an internet protocol multi-media system (IMS) from an application server outside the system. The multi-media system includes a session protocol server (S-CSCF) and a subscriber database (HSS). The security node comprises a database access control node operable to control access to the subscriber database (HSS) from the application server, a session message control node operable to control communication of the messages to the session protocol server from the application server, and a control information database for storing control data. The control data specifies conditions for accessing the subscriber database (HSS) and for communicating with the session protocol server (S-CSCF). The database access control node is operable to control access to the subscriber database in accordance with the control data, and the session message control node is operable to control communication of messages to the session protocol server in accordance with the control data. Embodiments of the present invention can provide a facility for an application server operating externally to an internet protocol multi-media system (IMS) network to have controlled access to resources within the IMS network. For example, the access may be controlled in accordance with a policy agreed between an operator of the IMS network and an operator of the application server.