Content for  TR 22.895  Word version:  12.0.0

Top   Top   None   None   None
0…   2__$

0  IntroductionWord‑p. 5
To ensure competitiveness in a longer time frame an evolution of the overall 3GPP system needs to be considered.
This document investigates the functionality and requirements needed to integrate Single Sign-On (SSO) and identity management capabilities within the 3GPP network and their corresponding offered services. The Single Sign-On (SSO) feature enables a 3GPP operator to become an Identity Provider and leverage existing 3GPP services and authentication mechanisms to grant access to Affiliated Application Services located outside the operator's domain without additional user intervention.
The Single Sign-On (SSO) framework is characterized by:
  • positioning the operator as the preferred Identity Provider;
  • executing user authentication for Affiliated Application Services using 3GPP authentication mechanisms and infrastructure;
  • providing reliable and robust secure credential handling;
  • cost-efficient deployment and operation; and
  • delivering convenience and ease of use for the consumer accessing Application Services (on a mobile device).
1  ScopeWord‑p. 6
The Single Sign-On (SSO) framework integration with 3GPP network resource and services intends to execute a comprehensive set of use cases and service requirements to serve various operator authentication configurations.
The scope of the Single Sign-On (SSO) integration study is to:
  • provide service and deployment scenarios for 3GPP operators adopting an integrated approach to SSO, including web, person-to-person and M2M service scenarios;
  • provide transparent identification and seamless authentication to Application Services on behalf of the user;
  • support a comprehensive set of use cases of integration of different Identity and SSO frameworks (e.g OpenID) for various operator authentication configurations;
  • define use cases and provide service requirements for Operators sharing controlled user credentials with Affiliated Application Service Providers;
  • define use cases and service requirements associated with ensuring that the intended user is making use of the associated SSO capability (including the case when the UE has been stolen or lost);
  • realize the Identity Provider role within the 3GPP network ecosystem and its influence among outside internet web service providers; and
  • provide an enhanced user experience with secure, reliable access and authentication to Affiliated Application Services.

Up   Top