Content for  TS 23.003  Word version:  16.3.0

28.7  Network Access Identifier (NAI)  Word‑p. 117

28.7.1  Introduction

This clause describes the NAI formats used in the 5G System.

28.7.2  NAI format for SUPI

The NAI for SUPI shall have the form username@realm as specified in clause 2.2 of IETF RFC 7542.

A SUPI containing a network specific identifier shall take the form of a Network Access Identifier (NAI). See clause 5.9.2 of TS 23.501 for the definition and use of the network specific identifier.

See clauses 28.15.2 and 28.16.2 for the NAI format for a SUPI containing a GCI or a GLI.

28.7.3  NAI format for SUCI

When the SUPI is defined as a Network Specific Identifier, the SUCI shall take the form of a Network Access Identifier (NAI). In this case, the NAI format of the SUCI shall have the form username@realm as specified in clause 2.2 of IETF RFC 7542, where the realm part shall be identical to the realm part of the Network Specific Identifier.

When the SUPI is defined as an IMSI, the SUCI in NAI format shall have the form username without a realm part as specified in clause 2.2 of IETF RFC 7542.

The username part of the NAI shall take one of the following forms:

1. for the null-scheme:
   type<supi type>.rid<routing indicator>.schid<protection scheme id>.userid<MSIN or Network Specific Identifier SUPI username>
2. for the Scheme Output for Elliptic Curve Integrated Encryption Scheme Profile A and Profile B:
   type<supi type>.rid<routing indicator>.schid<protection scheme id>.hnkey<home network public key id>.ecckey<ECC ephemeral public key value>.cip<ciphertext value>.mac<MAC tag value>
3. for HPLMN proprietary protection schemes:
   type<supi type>.rid<routing indicator>.schid<protection scheme id>.hnkey<home network public key id>. out<HPLMN defined scheme output>
   See clause 2.2B for the definition and format of the different fields of the SUCI.

Examples:

Assuming the IMSI 234150999999999, where MCC=234, MNC=15 and MSISN=0999999999, the Routing Indicator 678, and a Home Network Public Key Identifier of 27, the NAI format for the SUCI takes the form:

• for the null-scheme:
  type0.rid678.schid0.userid0999999999
• for the Profile <A> protection scheme:
  type0.rid678.schid1.hnkey27.ecckey<ECC ephemeral public key>.cip< encryption of 0999999999>.mac<MAC tag value>

Assuming the Network Specific Identifier user17@example.com, the Routing Indicator 678, and a Home Network Public Key Identifier of 27, the NAI format for the SUCI takes the form:

• for the null-scheme:
  type1.rid678.schid0.useriduser17@example.com
• for the Profile <A> protection scheme:
  type1.rid678.schid1.hnkey27.ecckey<ECC ephemeral public key>.cip< encryption of user17>.mac<MAC tag value>@example.com

See clauses 28.15.5 and 28.16.5 for the NAI format for a SUCI containing a GCI or a GLI.

28.7.4  Emergency NAI for Limited Service State  Word‑p. 118

This clause describes the format of the UE identification when UE is performing an emergency registration and IMSI is not available or not authenticated.

The Emergency NAI for Limited Service State shall take the form of an NAI, and shall have the form username@realm as specified in clause 2.2 of IETF RFC 7542. The exact format shall be:

• imei<IMEI>@sos.invalid

or if IMEI is not available,

• mac<MAC>@sos.invalid

For example, if the IMEI is 219551288888888, the Emergency NAI for Limited Service State then takes the form of imei219551288888888@sos.invalid.

For example, if the MAC address is 44-45-53-54-00-AB, the Emergency NAI for Limited Service State then takes the form of mac4445535400AB@sos.invalid, where the MAC address is represented in hexadecimal format without separators.

28.7.5  Alternative NAI

The Alternative NAI shall take the form of a NAI, i.e. 'any_username@realm' as specified of RFC 7542. The Alternative NAI shall not be routable from any AAA server.

The Alternative NAI shall contain a username part that is not a null string.

The realm part of the NAI shall be "unreachable.3gppnetwork.org".

The result shall be an NAI in the form of:

"<any_non_null_string>@unreachable.3gppnetwork.org".

28.7.6  NAI used for 5G registration via trusted non-3GPP access |R16|

While performing the EAP-authentication procedure when a UE attempts to register to 5GCN via a trusted non-3GPP access network (see clause 4.12a in TS 23.502), the UE shall use a NAI in the following format:

• "<any_non_null_string>@nai.5gc.mnc<MNC>.mcc<MCC>.3gppnetwork.org"

Where:

1. the username part <any_non_null_string> is any non null string; and
2. the <MNC> and <MCC> identify the PLMN (either HPLMN or VPLMN) to which the UE attempts to connect via the trusted non-3GPP access as described in clause 6.3.12 of TS 23.501.

28.7.7  NAI used by N5CW devices via trusted non-3GPP access |R16|  Word‑p. 119

While performing the EAP authentication procedure when a non 5G capable over WLAN (N5CW) device attempts to register to 5GCN via a trusted non-3GPP access network (see clause 4.12b in TS 23.502), the N5CW device shall use a NAI in the following format:

• "<5G_device_unique_identity>@nai.5gc-nn.mnc<MNC>.mcc<MCC>.3gppnetwork.org"

Where:

1. the username part <5G_device_unique_identity> is to identify the N5CW device and contains either:
   • SUCI as defined as the username part of the NAI format in clause 28.7.3, if the UE is not registred to 5GCN via NG-RAN; or
   • 5G-GUTI as defined as the username part of the NAI format in clause 28.7.8, if the N5CW device is registred to 5GCN via NG-RAN; and
2. the <MNC> and <MCC> identify the PLMN (either HPLMN or VPLMN) to which the N5CW device attempts to connect via the trusted non-3GPP access as described in clause 6.3.12 of TS 23.501.
3. Editor's note: It is assumed that an N5CW device has a USIM. Whether the N5CW device has a USIM or not is FFS.

28.7.8  NAI format for 5G-GUTI |R16|

The NAI format of the 5G-GUTI shall have the form username@realm as specified in clause 2.2 of IETF RFC 7542.

The username part of the NAI shall take the following form:

tmsi<5G-TMSI>.pt<AMF Pointer>.set<AMF Set Id>.region<AMF Region Id>

<5G-TMSI>, <AMF Pointer>, <AMF Set Id> and <AMF Region Id> are the hexadecimal strings of the 5G-TMSI, AMF Pointer, AMF Set ID and AMF Region ID. If there are less than 8 significant digits in <5G-TMSI>, "0" digit(s) shall be inserted at the left side to fill the 8 digits coding. If there are less than 2 significant digits in <AMF Pointer> or <AMF Region Id>, "0" digit(s) shall be inserted at the left side to fill the 2 digits coding of the AMF Pointer or AMF Region Id respectively. If there are less than 3 significant digits in <AMF Set Id>, "0" digit(s) shall be inserted at the left side to fill the 3 digits coding.

Example:

Assuming 5G-TMSI = 06666666 (hexadecimal), AMF Pointer=12 (hexadecimal), AMF Set = 001 (hexadecimal), AMF Region = 48 (hexadecimal), the username part of the NAI is encoded as:

• "tmsi06666666.pt12.set001.region48"

The NAI for an N5CW device in a PLMN (either HPLMN or VPLMN) with MNC=012 and MCC=345, to which the N5CW device attempts to connect via the trusted non-3GPP access, according to clause 28.7.7 is:

"tmsi06666666.pt12.set001.region48@nai.5gc-nn.mnc012.mcc345.3gppnetwork.org"

28.8  Generic Public Subscription Identifier (GPSI)  Word‑p. 120

The Generic Public Subscription Identifier (GPSI) is defined in clause 5.9.8 of TS 23.501.

The GPSI is defined as:

• a GPSI type: in this release of the specification, it may indicate an MSISDN or an External Identifier; and
• dependent on the value of the GPSI type:
  • an MSISDN as defined in clause 3.3; or
  • an External Identifier as defined in clause 19.7.2.

28.9  Internal-Group Identifier

28.10  Presence Reporting Area Identifier (PRA ID)

28.11  CAG-Identifier |R16|

28.12  NF Set Identifier (NF Set ID) |R16|  Word‑p. 121

A NF Set Identifier is a globally unique identifier of a set of equivalent and interchangeable CP NFs from a given network that provide distribution, redundancy and scalability (see clause 5.21.3 of TS 23.501).

An NF Set Identifier shall be constructed from the MCC, MNC, NID (for SNPN), NF type and a Set ID.

A NF Set Identifier shall be formatted as the following string:

• set<Set ID>.<nftype>set.5gc.mnc<MNC>.mcc<MCC> for a NF Set in a PLMN, or
• set<Set ID>.<nftype>set.5gc.nid<NID>.mnc<MNC>.mcc<MCC> for a NF Set in a SNPN.

where:

• the <MCC> and <MNC> shall identify the PLMN of the NF Set and shall be encoded as follows:
  • <MCC> = 3 digits
  • <MNC> = 3 digits
  If there are only 2 significant digits in the MNC, one "0" digit shall be inserted at the left side to fill the 3 digits coding of MNC.
• the Network Identifier (NID) shall be encoded as hexadecimal digits as specified in clause 12.7.
• the <NFType> shall identify the NF type of the NFs within the NF set and shall be encoded as a value of Table 6.1.6.3.3-1 of TS 29.510 but with lower case characters;
• the Set ID shall be a NF type specific Set ID within the PLMN, chosen by the operator, that shall consist of alphabetic characters (A-Z and a-z), digits (0-9) and/or the hyphen (-) and that shall end with either an alphabetic character or a digit;
• the case of alphabetic characters is not significant (i.e. two NF Set IDs with the same characters but using different lower and upper cases identify the same NF Set).
  For an AMF set, the Set ID shall be set to "<AMF Set ID>.region<AMF Region ID>", with the AMF Region ID and AMF Set ID encoded as defined in TS 29.571.

EXAMPLE 1:

setxyz.smfset.5gc.mnc012.mcc345

EXAMPLE 2:

set12.pcfset.5gc.mnc012.mcc345

EXAMPLE 3:

set1.region48.amfset.5gc.mnc012.mcc345 (for AMF Region 48 (hexadecimal) and AMF Set 1)

EXAMPLE 4:

setxyz.smfset.5gc.nid000007ed9d5.mnc012.mcc345 for a SNPN with the NID 000007ed9d5 (hexadecimal).

FQDN.

NF Instances of an NF Set are equivalent and share the same MCC, MNC, NID (for SNPN), NF type and NF Set ID.

28.13  NF Service Set Identifier (NF Service Set ID) |R16|

28.14  Data Network Access Identifier (DNAI) |R16|  Word‑p. 122

A Data Network Access Identifier (DNAI) is an operator defined identifier of a user plane access to one or more DN(s) where applications are deployed (see clauses 3.1 and 5.6.7 in TS 23.501). The same DN may also be referred to by multiple DNAIs.

DNAI is represented as an operator specific string (see clause A.2 in TS 29.571. The format of the DNAI is defined by the operator and is not standardized.

28.15  Global Cable Identifier (GCI) |R16|  Word‑p. 123

28.15.1  Introduction

This clause describes the GCI formats used in the 5G System.

28.15.2  NAI format for SUPI containing a GCI

A SUPI containing a GCI shall take the form of a Network Access Identifier (NAI).

The NAI for SUPI shall have the form username@realm as specified in clause 2.2 of IETF RFC 7542, where:

• the username part shall be the GCI, as defined in clause 28.15.4;
• the realm part shall identify the operator owning the subscription; if the operator owns a PLMN ID, the realm part should be in the form:
  "5gc.mnc<MNC>.mcc<MCC>.3gppnetwork.org"

EXAMPLE 1:

00-00-5E-00-53-00@5gc.mnc012.mcc345.3gppnetwork.org

EXAMPLE 2:

00-00-5E-00-53-00@operator.com

28.15.3  User Location Information for RG accessing the 5GC via W-5GCAN (HFC Node ID)

The User Location information for a 5G-CRG/FN-CRG accessing the 5GC via a Wireline 5G Cable Access network (W-5GCAN) shall take the form of an HFC Node ID. The HFC Node ID consists of a string of up to six characters as specified in CableLabs WR-TR-5WWC-ARCH [134].

28.15.4  GCI

The GCI uniquely identifies the line connecting the 5G-CRG or FN-CRG to the 5GS.

The GCI is a variable length opaque identifier, encoded as specified in CableLabs WR-TR-5WWC-ARCH [134] and CableLabs DOCSIS MULPI [135]. It shall comply with the syntax specified in clause 2.2 of IETF RFC 7542 for the username part of a NAI.

EXAMPLE:

00-00-5E-00-53-00

28.15.5  NAI format for SUCI containing a GCI

The SUCI containing a GCI shall take the form of a Network Access Identifier (NAI).

The NAI format of the SUCI shall have the form username@realm as specified in clause 2.2 of IETF RFC 7542, where the realm part shall be identical to the realm part of the SUPI (see clause 28.15.2).

The username part of the NAI shall be encoded as specified for the null-scheme in clause 28.7.3, i.e. it shall take the following form:

type3.rid0.schid0.userid<username>

where the username shall be encoded as the username part of the SUPI (see clause 28.15.2).

EXAMPLE 1:

type3.rid0.schid0.userid00-00-5E-00-53-00@5gc.mnc012.mcc345.3gppnetwork.org

EXAMPLE 2:

type3.rid0.schid0.userid00-00-5E-00-53-00@operator.com

28.16  Global Line Identifier (GLI) |R16|  Word‑p. 124

28.16.1  Introduction

This clause describes the GLI formats used in the 5G System.

28.16.2  NAI format for SUPI containing a GLI

A SUPI containing a GLI shall take the form of a Network Access Identifier (NAI).

The NAI for SUPI shall have the form username@realm as specified in clause 2.2 of IETF RFC 7542, where:

• the username part shall be the GLI, as defined in clause 28.16.4;
• the realm part shall identify the operator owning the subscription; if the operator owns a PLMN ID, the realm part should be in the form:
  • "5gc.mnc<MNC>.mcc<MCC>.3gppnetwork.org"

28.16.3  User Location Information for RG accessing the 5GC via W-5GBAN

The User Location information for a 5G-BRG/FN-BRG accessing the 5GC via a Wireline BBF Access Network (W-5GBAN) shall take the form of a GLI as defined in clause 28.16.4.

28.16.4  GLI

The GLI uniquely identifies the line connecting the 5G-BRG or FN-BRG to the 5GS.

The GLI is a variable length opaque identifier, consisting of a string of up to 200 base64-encoded characters, representing the GLI value (up to 150 bytes) encoded as specified in BBF WT-470 [133].

28.16.5  NAI format for SUCI containing a GLI

The SUCI containing a GLI shall take the form of a Network Access Identifier (NAI).

The NAI format of the SUCI shall have the form username@realm as specified in clause 2.2 of IETF RFC 7542, where the realm part shall be identical to the realm part of the SUPI (see clause 28.16.2).

The username part of the NAI shall be encoded as specified for the null-scheme in clause 28.7.3, i.e. it shall take the following form:

type2.rid0.schid0.userid<username>

28.17  DNS subdomain for operator usage in 5GC