Tech-invite3GPPspaceIETFspace
21222324252627282931323334353637384‑5x

Content for  TS 23.222  Word version:  19.5.0

Top   Top   Up   Prev   Next
0…   4…   5…   6…   6.3…   6.4…   7…   8…   8.5…   8.8…   8.9…   8.13…   8.17…   8.21…   8.25…   8.26…   8.28…   8.30…   9…   10…   10.4…   10.7…   11…   A   B…   B.2…   B.3…   C…   D…
6.3 Functional entities description6.3.1 General6.3.2 API invoker6.3.3 CAPIF core function6.3.4 API exposing function6.3.5 API publishing function6.3.6 API management function6.3.7 Authorization function6.3.8 Resource owner function
...

 

6.3  Functional entities descriptionp. 30

6.3.1  Generalp. 30

Each subclause is a description of a functional entity and does not imply a physical entity.

6.3.2  API invokerp. 30

The API invoker is typically provided by a 3rd party application provider who has service agreement with PLMN operator. The API invoker may reside within the same trust domain as the PLMN operator network. The API invoker may be either an application on a server or an application on a UE.
The API invoker supports the following capabilities:
  • Triggering API invoker onboarding/offboarding;
  • Supporting the authentication by providing the API invoker identity and other information required for authentication of the API invoker;
  • Supporting mutual authentication with CAPIF;
  • Obtaining the authorization prior to accessing the service API;
  • Discovering service APIs information; and
  • Invoking the service APIs.
Up

6.3.3  CAPIF core functionp. 30

The CAPIF core function consists of the following capabilities:
  • Authenticating the API invoker based on the identity and other information required for authentication of the API invoker;
  • Supporting mutual authentication with the API invoker;
  • Publishing, storing and supporting the discovery of service APIs information;
  • Controlling the service API access based on PLMN operator configured policies;
  • Storing the logs for the service API invocations and providing the service API invocation logs to authorized entities;
  • Charging based on the logs of the service API invocations;
  • Monitoring the service API invocations;
  • Onboarding a new API invoker and offboarding an API invoker;
  • Storing policy configurations related to CAPIF and service APIs;
  • Support accessing the logs for auditing (e.g. detecting abuse);
  • Supports publishing, retrieving, unpublishing, updating,and discovering service APIs information with another CAPIF core function in CAPIF interconnection; and
  • Supports slice related API exposure in, e.g., API publish, API discovery, API invoker authorization, API access control.
Up

6.3.4  API exposing functionp. 31

The API exposing function is the provider of the service APIs and is also the service communication entry point of the service API to the API invokers. The API exposing function consists of the following capabilities:
  • Authenticating the API invoker based on the identity and other information required for authentication of the API invoker provided by the CAPIF core function;
  • Validating the authorization provided by the CAPIF core function;
  • Logging the service API invocations at the CAPIF core function; and
  • Hiding the topology of the PLMN trust domain from API invokers, depending on configured policy.
Up

6.3.5  API publishing functionp. 31

The API publishing function enables the API provider to publish the service APIs information in order to enable the discovery of service APIs by the API invoker. The API publishing function consists of the following capability:
  • Publishing the service API information of the API provider to the CAPIF core function; and
  • Retrieving service API information from the CAPIF core function.

6.3.6  API management functionp. 31

The API management function enables the API provider to perform administration of the service APIs. The API management function consists of the following capabilities:
  • Auditing the service API invocation logs received from the CAPIF core function;
  • Monitoring the events reported by the CAPIF core function;
  • Configuring the API provider policies to the CAPIF core function;
  • Monitoring the status of the service APIs;
  • Onboarding new API invokers and offboarding API invokers; and
  • Registering and maintaining registration information of the API provider domain functions on the CAPIF core function.
Up

6.3.7  Authorization function |R18|p. 32

The authorization function has the following capabilities:
  • Acts in an authorization server role as specified in Section 1.1 of RFC 6749,
  • Verifies authorization information for service APIs, upon request from AEF (when the AEF does not have information required to authorize the service API invocation),
  • Uses the RO authorization information (such as user consent) obtained via ROF, when legally required, as part of the authorization of the API invoker to access the RO resources related to a service API.
Up

6.3.8  Resource owner function |R18|p. 32

The resource owner function is responsible for interactions with the resource owner in a similar way to the resource owner's user agent shown in Section 4.1 of RFC 6749. The resource owner function enables the following:
  • Authorization for resource access; and
  • Managing and revoking authorization for resource access.
Up

Up   Top   ToC