The scope of this feasibility study is limited to authentication of network elements which are using NDS/IP, and located in the inter-operator domain.
It means that this study concentrates on authentication of Security Gateways (SEG), and the corresponding
Za-interfaces. Authentication of elements in the intra-operator domain is considered as an internal issue for the
operators. This is quite much in line with TS 33.210
which states that only Za is mandatory, and that the security domain operator can decide if the Zb-interface is deployed or not, as the Zb-interface is optional for implementation.
However, NDS/AF can easily be adapted to intra-operator use. This is just a simplification of the inter-operator case as all NDS/IP NEs and the PKI infrastructure belong to the same operator. Validity of certificates may be restricted to the operator's domain.