Content for TS 23.003 Word version: 17.0.0

1… 2… 2.8… 3… 4… 5… 6… 7… 8… 9… 10… 11 12… 13… 14… 15… 16… 17… 18… 19… 19.4… 19.5… 20… 21… 22… 23… 24… 25… 26… 27… 28… 28.4… 28.7… 29… A… B… C… D E…

28.7 Network Access Identifier (NAI) 28.7.1 Introduction 28.7.2 NAI format for SUPI 28.7.3 NAI format for SUCI 28.7.4 Emergency NAI for Limited Service State 28.7.5 Alternative NAI 28.7.6 NAI used for 5G registration via trusted non-3GPP access 28.7.7 NAI used by N5CW devices via trusted non-3GPP access 28.7.8 NAI format for 5G-GUTI 28.8 Generic Public Subscription Identifier (GPSI) 28.9 Internal-Group Identifier 28.10 Presence Reporting Area Identifier (PRA ID) 28.11 CAG-Identifier 28.12 NF Set Identifier (NF Set ID) 28.13 NF Service Set Identifier (NF Service Set ID) 28.14 Data Network Access Identifier (DNAI) 28.15 Global Cable Identifier (GCI) 28.15.1 Introduction 28.15.2 NAI format for SUPI containing a GCI 28.15.3 User Location Information for RG accessing the 5GC via W-5GCAN (HFC Node ID) 28.15.4 GCI 28.15.5 NAI format for SUCI containing a GCI 28.16 Global Line Identifier (GLI) 28.16.1 Introduction 28.16.2 NAI format for SUPI containing a GLI 28.16.3 User Location Information for RG accessing the 5GC via W-5GBAN 28.16.4 GLI 28.16.5 NAI format for SUCI containing a GLI 28.17 DNS subdomain for operator usage in 5GC
...

28.7 Network Access Identifier (NAI) Word‑p. 118

28.7.1 Introduction

This clause describes the NAI formats used in the 5G System.

28.7.2 NAI format for SUPI

The NAI for SUPI shall have the form username@realm as specified in clause 2.2 of IETF RFC 7542.
A SUPI containing a network specific identifier shall take the form of a Network Access Identifier (NAI). See clause 5.9.2 of TS 23.501 for the definition and use of the network specific identifier.
See clauses 28.15.2 and 28.16.2 for the NAI format for a SUPI containing a GCI or a GLI.

28.7.3 NAI format for SUCI

When the SUPI is defined as a Network Specific Identifier, the SUCI shall take the form of a Network Access Identifier (NAI). In this case, the NAI format of the SUCI shall have the form username@realm as specified in clause 2.2 of IETF RFC 7542, where the realm part shall be identical to the realm part of the Network Specific Identifier.
When the SUPI is defined as an IMSI, the SUCI in NAI format shall have the form username without a realm part as specified in clause 2.2 of IETF RFC 7542.
The username part of the NAI shall take one of the following forms:

for the null-scheme:
type<supi type>.rid<routing indicator>.schid<protection scheme id>.userid<MSIN or Network Specific Identifier SUPI username>

for the Scheme Output for Elliptic Curve Integrated Encryption Scheme Profile A and Profile B:
type<supi type>.rid<routing indicator>.schid<protection scheme id>.hnkey<home network public key id>.ecckey<ECC ephemeral public key value>.cip<ciphertext value>.mac<MAC tag value>

for HPLMN proprietary protection schemes:
type<supi type>.rid<routing indicator>.schid<protection scheme id>.hnkey<home network public key id>. out<HPLMN defined scheme output>
See clause 2.2B for the definition and format of the different fields of the SUCI.

Examples:
Assuming the IMSI 234150999999999, where MCC=234, MNC=15 and MSISN=0999999999, the Routing Indicator 678, and a Home Network Public Key Identifier of 27, the NAI format for the SUCI takes the form:

for the null-scheme:
type0.rid678.schid0.userid0999999999

for the Profile <A> protection scheme:
type0.rid678.schid1.hnkey27.ecckey<ECC ephemeral public key>.cip< encryption of 0999999999>.mac<MAC tag value>

Assuming the Network Specific Identifier user17@example.com, the Routing Indicator 678, and a Home Network Public Key Identifier of 27, the NAI format for the SUCI takes the form:

for the null-scheme:
type1.rid678.schid0.useriduser17@example.com

for the Profile <A> protection scheme:
type1.rid678.schid1.hnkey27.ecckey<ECC ephemeral public key>.cip< encryption of user17>.mac<MAC tag value>@example.com

See clauses 28.15.5 and 28.16.5 for the NAI format for a SUCI containing a GCI or a GLI.

28.7.4 Emergency NAI for Limited Service State Word‑p. 119

This clause describes the format of the UE identification when UE is performing an emergency registration and IMSI is not available or not authenticated.
The Emergency NAI for Limited Service State shall take the form of an NAI, and shall have the form username@realm as specified in clause 2.2 of IETF RFC 7542. The exact format shall be:

imei<IMEI>@sos.invalid

NOTE:
The top level domain ".invalid" is a reserved top level domain, as specified in RFC 2606, and is used here due to the fact that this NAI never needs to be resolved for routing.

or if IMEI is not available,

mac<MAC>@sos.invalid

For example, if the IMEI is 219551288888888, the Emergency NAI for Limited Service State then takes the form of imei219551288888888@sos.invalid.
For example, if the MAC address is 44-45-53-54-00-AB, the Emergency NAI for Limited Service State then takes the form of mac4445535400AB@sos.invalid, where the MAC address is represented in hexadecimal format without separators.

28.7.5 Alternative NAI Word‑p. 120

The Alternative NAI shall take the form of a NAI, i.e. 'any_username@realm' as specified of RFC 7542. The Alternative NAI shall not be routable from any AAA server.
The Alternative NAI shall contain a username part that is not a null string.
The realm part of the NAI shall be "unreachable.3gppnetwork.org".
The result shall be an NAI in the form of:

"<any_non_null_string>@unreachable.3gppnetwork.org".

28.7.6 NAI used for 5G registration via trusted non-3GPP access |R16|

While performing the EAP-authentication procedure when a UE attempts to register to 5GCN via a trusted non-3GPP access network (see clause 4.12a in TS 23.502), the UE shall use a NAI in the following format:

"<any_non_null_string>@nai.5gc.mnc<MNC>.mcc<MCC>.3gppnetwork.org"

Where:

the username part <any_non_null_string> is any non null string; and

the <MNC> and <MCC> identify the PLMN (either HPLMN or VPLMN) to which the UE attempts to connect via the trusted non-3GPP access as described in clause 6.3.12 of TS 23.501.

NOTE 1:
The username part of the NAI is not used to identify the UE since the UE is identified by its NAS registration to the 5GCN independent of using the NAI. The realm part of the NAI is however used by the trusted non-3GPP access for TNGF selection.

NOTE 2:
In case of 5GCN, there is no need for a decorated NAI as in EPC (see clause 19.3.3), since the UE sends a NAS registration request to the PLMN including a SUCI or 5G-GUTI.

28.7.7 NAI used by N5CW devices via trusted non-3GPP access |R16|

While performing the EAP authentication procedure when a non 5G capable over WLAN (N5CW) device attempts to register to 5GCN via a trusted non-3GPP access network (see clause 4.12b in TS 23.502), the N5CW device shall use a NAI in the following format:

"<5G_device_unique_identity>@nai.5gc-nn.mnc<MNC>.mcc<MCC>.3gppnetwork.org"

Where:

the username part <5G_device_unique_identity> is to identify the N5CW device and contains either:

SUCI as defined as the username part of the NAI format in clause 28.7.3, if the UE is not registred to 5GCN via NG-RAN; or

5G-GUTI as defined as the username part of the NAI format in clause 28.7.8, if the N5CW device is registred to 5GCN via NG-RAN; and

the <MNC> and <MCC> identify the PLMN (either HPLMN or VPLMN) to which the N5CW device attempts to connect via the trusted non-3GPP access as described in clause 6.3.12 of TS 23.501.

NOTE:
As defined in TS 33.501, an N5CW device is authenticated using EAP-AKA', thus, it has a USIM that stores the HPLMN identity.

28.7.8 NAI format for 5G-GUTI |R16| Word‑p. 121

The NAI format of the 5G-GUTI shall have the form username@realm as specified in clause 2.2 of IETF RFC 7542.
The username part of the NAI shall take the following form:

tmsi<5G-TMSI>.pt<AMF Pointer>.set<AMF Set Id>.region<AMF Region Id>

<5G-TMSI>, <AMF Pointer>, <AMF Set Id> and <AMF Region Id> are the hexadecimal strings of the 5G-TMSI, AMF Pointer, AMF Set ID and AMF Region ID. If there are less than 8 significant digits in <5G-TMSI>, "0" digit(s) shall be inserted at the left side to fill the 8 digits coding. If there are less than 2 significant digits in <AMF Pointer> or <AMF Region Id>, "0" digit(s) shall be inserted at the left side to fill the 2 digits coding of the AMF Pointer or AMF Region Id respectively. If there are less than 3 significant digits in <AMF Set Id>, "0" digit(s) shall be inserted at the left side to fill the 3 digits coding.
Example:

Assuming 5G-TMSI = 06666666 (hexadecimal), AMF Pointer=12 (hexadecimal), AMF Set = 001 (hexadecimal), AMF Region = 48 (hexadecimal), the username part of the NAI is encoded as:

"tmsi06666666.pt12.set001.region48"

The NAI for an N5CW device in a PLMN (either HPLMN or VPLMN) with MNC=012 and MCC=345, to which the N5CW device attempts to connect via the trusted non-3GPP access, according to clause 28.7.7 is:

"tmsi06666666.pt12.set001.region48@nai.5gc-nn.mnc012.mcc345.3gppnetwork.org"

28.8 Generic Public Subscription Identifier (GPSI)

The Generic Public Subscription Identifier (GPSI) is defined in clause 5.9.8 of TS 23.501.

The GPSI is defined as:

a GPSI type: in this release of the specification, it may indicate an MSISDN or an External Identifier; and
dependent on the value of the GPSI type:
- an MSISDN as defined in clause 3.3; or
- an External Identifier as defined in clause 19.7.2.

28.9 Internal-Group Identifier

Internal-Group Identifier is a network internal globally unique ID which identifies a set of SUPIs (e.g. MTC devices) from a given network that are grouped together for one specific group related service (see TS 23.501, clause 5.9.7).

An Internal-Group Identifier shall be composed in the same way as IMSI-Group Identifier (see clause 19.9).

If a 5G subscriber's IMSI belongs to an IMSI-Group identified by a given IMSI-Group Identifier X, the IMSI shall also belong to the Internal-Group identified by the Internal-Group Identifier X.

28.10 Presence Reporting Area Identifier (PRA ID)

The Presence Reporting Area Identifier (PRA ID) is used to identify a Presence Reporting Area (PRA).

PRAs can be used for reporting changes of UE presence in a PRA, e.g. for policy control or charging decisions. See TS 23.501 and TS 23.503.

A PRA is composed of a short list of TAs and/or NG-RAN nodes and/or cells identifiers in a PLMN.A PRA can be:

either a "UE-dedicated PRA", defined in the subscriber profile;
or a "Core Network predefined PRA", pre-configured in AMF.

PRA IDs used to identify "Core Network predefined PRAs" shall not be used for identifying "UE-dedicated PRAs".

The same PRA ID may be used for different UEs to identify different "UE-dedicated PRAs", i.e. PRA IDs may overlap between different UEs, while identifying different "UE-dedicated PRAs".

The PRA ID shall be formatted as an integer within the following ranges:

0 .. 8 388 607 for UE-dedicated PRA
8 388 608 to 16 777 215 for Core Network predefined PRA.

28.11 CAG-Identifier |R16| Word‑p. 122

A Closed Access Group (CAG) within a PLMN is uniquely identified by a CAG-Identifier (see TS 23.501).
The CAG-Identifier shall be a fixed length 32 bit value.

28.12 NF Set Identifier (NF Set ID) |R16|

A NF Set Identifier is a globally unique identifier of a set of equivalent and interchangeable CP NFs from a given network that provide distribution, redundancy and scalability (see clause 5.21.3 of TS 23.501).

An NF Set Identifier shall be constructed from the MCC, MNC, NID (for SNPN), NF type and a Set ID.

A NF Set Identifier shall be formatted as the following string:

set<Set ID>.<nftype>set.5gc.mnc<MNC>.mcc<MCC> for a NF Set in a PLMN, or
set<Set ID>.<nftype>set.5gc.nid<NID>.mnc<MNC>.mcc<MCC> for a NF Set in a SNPN.

where:

the <MCC> and <MNC> shall identify the PLMN of the NF Set and shall be encoded as follows:
- <MCC> = 3 digits
- <MNC> = 3 digits
If there are only 2 significant digits in the MNC, one "0" digit shall be inserted at the left side to fill the 3 digits coding of MNC.
the Network Identifier (NID) shall be encoded as hexadecimal digits as specified in clause 12.7.
the <NFType> shall identify the NF type of the NFs within the NF set and shall be encoded as a value of Table 6.1.6.3.3-1 of TS 29.510 but with lower case characters;
the Set ID shall be a NF type specific Set ID within the PLMN, chosen by the operator, that shall consist of alphabetic characters (A-Z and a-z), digits (0-9) and/or the hyphen (-) and that shall end with either an alphabetic character or a digit;
the case of alphabetic characters is not significant (i.e. two NF Set IDs with the same characters but using different lower and upper cases identify the same NF Set).
For an AMF set, the Set ID shall be set to "<AMF Set ID>.region<AMF Region ID>", with the AMF Region ID and AMF Set ID encoded as defined in TS 29.571.

EXAMPLE 1:

setxyz.smfset.5gc.mnc012.mcc345

EXAMPLE 2:

set12.pcfset.5gc.mnc012.mcc345

EXAMPLE 3:

set1.region48.amfset.5gc.mnc012.mcc345 (for AMF Region 48 (hexadecimal) and AMF Set 1)

EXAMPLE 4:

setxyz.smfset.5gc.nid000007ed9d5.mnc012.mcc345 for a SNPN with the NID 000007ed9d5 (hexadecimal).

FQDN.

NF Instances of an NF Set are equivalent and share the same MCC, MNC, NID (for SNPN), NF type and NF Set ID.

28.13 NF Service Set Identifier (NF Service Set ID) |R16| Word‑p. 123

A NF Service Set Identifier is a globally unique identifier of a set of equivalent and interchangeable CP NF service instances within a NF instance from a given network that provide distribution, redundancy and scalability (see clause 5.21.3 of TS 23.501).
An NF Service Set Identifier shall be constructed from the MCC, MNC, NID (for SNPN), NF instance Identifier, service name and a Set ID.
A NF Service Set Identifier shall be formatted as the following string:

set<Set ID>.sn<Service Name>.nfi<NF Instance ID>.5gc.mnc<MNC>.mcc<MCC> for a NF Service Set in a PLMN, or

set<Set ID>.sn<Service Name>.nfi<NF Instance ID>.5gc.nid<NID>.mnc<MNC>.mcc<MCC> for a NF Service Set in a SNPN.

where:

the <MCC> and <MNC> shall identify the PLMN of the NF Service Set and shall be encoded as follows:

<MCC> = 3 digits

<MNC> = 3 digits

If there are only 2 significant digits in the MNC, one "0" digit shall be inserted at the left side to fill the 3 digits coding of MNC.

the Network Identifier (NID) shall be encoded as hexadecimal digits as specified in clause 12.7.

the NFInstanceID shall identify the NF instance of the NF Service set, as defined by TS 23.501 and TS 29.510;

the ServiceName shall identify the NF service of the NF Service set, as defined by TS 29.510;

the Set ID shall be a service specific Set ID within the NF instance, chosen by the operator that shall consist of alphabetic characters (A-Z and a-z), digits (0-9) and/or the hyphen (-) and that shall end with either an alphabetic character or a digit;

the case of alphabetic characters is not significant (i.e. two NF Service Set IDs with the same characters but using different lower and upper cases identify the same NF Service Set).

EXAMPLE 1:
setxyz.snnsmf-pdusession.nfi54804518-4191-46b3-955c-ac631f953ed8.5gc.mnc012.mcc345

EXAMPLE 2:
set2.snnpcf-smpolicycontrol.nfi54804518-4191-46b3-955c-ac631f953ed8.5gc.mnc012.mcc345

EXAMPLE 3:
setxyz.snnsmf-pdusession.nfi54804518-4191-46b3-955c-ac631f953ed8.5gc.nid000007ed9d5.mnc012.mcc345 for a SNPN with the NID 000007ed9d5 (hexadecimal).

NF service instances from different NF instances are equivalent NF service instances if they share the same MCC, MNC, NID (for SNPN), ServiceName and Set ID.
NF Service Sets belonging to different NF Instances are said to be equivalent, if they share the same MCC, MNC, NID (for SNPN), ServiceName and Set ID.

28.14 Data Network Access Identifier (DNAI) |R16| Word‑p. 124

A Data Network Access Identifier (DNAI) is an operator defined identifier of a user plane access to one or more DN(s) where applications are deployed (see clauses 3.1 and 5.6.7 in TS 23.501). The same DN may also be referred to by multiple DNAIs.
DNAI is represented as an operator specific string (see clause A.2 in TS 29.571. The format of the DNAI is defined by the operator and is not standardized.

28.15 Global Cable Identifier (GCI) |R16|

28.15.1 Introduction

This clause describes the GCI formats used in the 5G System.

28.15.2 NAI format for SUPI containing a GCI

A SUPI containing a GCI shall take the form of a Network Access Identifier (NAI).

The NAI for SUPI shall have the form username@realm as specified in clause 2.2 of IETF RFC 7542, where:

the username part shall be the GCI, as defined in clause 28.15.4;
the realm part shall identify the operator owning the subscription; if the operator owns a PLMN ID, the realm part should be in the form:

"5gc.mnc<MNC>.mcc<MCC>.3gppnetwork.org"

EXAMPLE 1:

00-00-5E-00-53-00@5gc.mnc012.mcc345.3gppnetwork.org

EXAMPLE 2:

00-00-5E-00-53-00@operator.com

28.15.3 User Location Information for RG accessing the 5GC via W-5GCAN (HFC Node ID)

The User Location information for a 5G-CRG/FN-CRG accessing the 5GC via a Wireline 5G Cable Access network (W-5GCAN) shall take the form of an HFC Node ID. The HFC Node ID consists of a string of up to six characters as specified in CableLabs WR-TR-5WWC-ARCH [134].

28.15.4 GCI

The GCI uniquely identifies the line connecting the 5G-CRG or FN-CRG to the 5GS.

The GCI is a variable length opaque identifier, encoded as specified in CableLabs WR-TR-5WWC-ARCH [134] and CableLabs DOCSIS MULPI [135]. It shall comply with the syntax specified in clause 2.2 of IETF RFC 7542 for the username part of a NAI.

EXAMPLE:

00-00-5E-00-53-00

28.15.5 NAI format for SUCI containing a GCI Word‑p. 125

The SUCI containing a GCI shall take the form of a Network Access Identifier (NAI).
The NAI format of the SUCI shall have the form username@realm as specified in clause 2.2 of IETF RFC 7542, where the realm part shall be identical to the realm part of the SUPI (see clause 28.15.2).
The username part of the NAI shall be encoded as specified for the null-scheme in clause 28.7.3, i.e. it shall take the following form:

type3.rid0.schid0.userid<username>

where the username shall be encoded as the username part of the SUPI (see clause 28.15.2).
EXAMPLE 1:

type3.rid0.schid0.userid00-00-5E-00-53-00@5gc.mnc012.mcc345.3gppnetwork.org
EXAMPLE 2:

type3.rid0.schid0.userid00-00-5E-00-53-00@operator.com

28.16 Global Line Identifier (GLI) |R16|

28.16.1 Introduction

This clause describes the GLI formats used in the 5G System.

28.16.2 NAI format for SUPI containing a GLI

A SUPI containing a GLI shall take the form of a Network Access Identifier (NAI).

The NAI for SUPI shall have the form username@realm as specified in clause 2.2 of IETF RFC 7542, where:

the username part shall be the GLI, as defined in clause 28.16.4;
the realm part shall identify the operator owning the subscription; if the operator owns a PLMN ID, the realm part should be in the form:
- "5gc.mnc<MNC>.mcc<MCC>.3gppnetwork.org"

The username part of the NAI shall be encoded as specified for the null-scheme in clause 28.7.3, i.e. it shall take the following form:

type2.rid0.schid0.userid<username>

28.17 DNS subdomain for operator usage in 5GC Word‑p. 126

The 5GC nodes DNS subdomain (DNS zone) shall be derived from the MNC and MCC by adding the label "node" to the beginning of the Home Network Domain for 5GC (see clause 28.2) and shall be constructed as:

node.5gc.mnc<MNC>.mcc<MCC>.3gppnetwork.org

This DNS subdomain is formally placed into the operator's control. 3GPP shall never take this DNS subdomain back or any zone cut/subdomain within it for any purpose. As a result the operator can safely provision any DNS records it chooses under this subdomain without concern about future 3GPP standards encroaching on the DNS names within this zone.

Content for TS 23.003 Word version: 17.0.0

28.11 CAG-Identifier |R16| Word‑p. 122 A Closed Access Group (CAG) within a PLMN is uniquely identified by a CAG-Identifier (see TS 23.501). The CAG-Identifier shall be a fixed length 32 bit value.

28.11 CAG-Identifier |R16| Word‑p. 122

A Closed Access Group (CAG) within a PLMN is uniquely identified by a CAG-Identifier (see TS 23.501).
The CAG-Identifier shall be a fixed length 32 bit value.