Tech-invite  3GPPspecsRELsGlossariesSIP
Info21222324252627282931323334353637384‑5x

full Contents for  TS 23.222  Word version:   17.0.0

Top   Up   Prev   Next
0…   4…   5   6…   6.3…   7…   8…   8.5…   8.9…   8.13…   8.17…   8.21…   8.25…   9…   10…   11…   A   B…   B.2   B.3   C…   D…

 

8.9  Revoking subscription of the CAPIF eventsWord-p. 51
8.9.1  General
The CAPIF core function allows to revoke subscription of CAPIF events for the subscribing entity related to the service API changes, such as availability events of service APIs, change in service API information, monitoring service API invocations, API invoker onboarding events, etc. This procedure is initiated by the CAPIF core function.
NOTE:
It is optional to trigger notification by the CAPIF core function for revocation of subscription for CAPIF event(s).
8.9.2  Information flows
This subclause describes the information flows for CAPIF event subscription revocation.
8.9.2.1  Subscription revoke notification
Table 8.9.2.1-1 describes the information flow for subscription revoke notification from the CAPIF core function to the subscribing entity.
Information element
Status
Description

Identity information
M
The information to determine the identity of the subscribing entity
Subscription identifier
M
The unique identifier for the event subscription that was provided to the subscribing entity during the CAPIF event subscription operation.
Reason
O
Indicate the reason of subscription revocation

8.9.2.2  Subscription revoke notification acknowledgement
Table 8.9.2.2-1 describes the information flow for subscription revoke notification acknowledgement from the subscribing entity to the CAPIF core function.
Information element
Status
Description

Acknowledgement
M
The acknowledgement for the received notification.

8.9.3  Procedure
Figure 8.9.3-1 illustrates the procedure for subscription revocation, triggered by the CAPIF core function.
Pre-conditions:
  1. The subscribing entity has previously subscribed to CAPIF event(s) to the CAPIF core function.
Up
  1. The CAPIF core function decides to revoke subscription of CAPIF event(s) for the subscribing entity.
  2. The CAPIF core function sends subscription revoke notification to the subscribing entity.
  3. The subscribing entity provides a subscription revoke notification acknowledgement to the CAPIF core function.
8.10  Authentication between the API invoker and the CAPIF core functionWord-p. 52
8.10.1  General
The procedure in this subclause corresponds to the architectural requirements for authentication between the API invoker and the CAPIF core function.
8.10.2  Information flows
NOTE:
The security aspects of this procedure are specified in subclause 6.2 and subclause 6.3.1 of TS 33.122.
8.10.3  Procedure
Figure 8.10.3-1 illustrates the procedure for authentication between the API invoker and the CAPIF core function.
Pre-conditions:
  1. The API invoker is onboarded with the CAPIF core function and the API invoker profile is created.
Up
  1. The API invoker triggers authentication to the CAPIF core function, including the identity confirmed after successful onboarding.
  2. Upon receiving the authentication request, the CAPIF core function verifies the identity with the API invoker profile and authenticates the API invoker.
  3. NOTE 1:
    The authentication process is specified in subclause 6.2 and subclause 6.3.1 of TS 33.122.
  4. The CAPIF core function returns the result of the API invoker identity verification in the authentication response.
  5. NOTE 2:
    The CAPIF core function can share the information required for authentication of the API invoker at the AEF.
Up
8.11  API invoker obtaining authorization to access service APIWord-p. 53
8.11.1  General
The API invoker requires to execute this procedure when it needs to obtain or re-obtain (e.g. upon expiry of the authorization information) the authorization to access the service API. Once the API invoker receives the authorization to access the service API, the API invoker can perform one or multiple service API invocations as per the permission limit. This procedure may be performed during the API invoker onboarding process.
8.11.2  Information flows
NOTE:
The security aspects of this procedure are specified in subclause 6.5.2.3 of TS 33.122.
8.11.3  Procedure
Figure 8.11.3-1 illustrates the procedure for obtaining authorization to access the service API.
Pre-condition:
  1. The API invoker is onboarded and has received an API invoker identity.
Up
  1. The API invoker sends an obtain service API authorization request to the CAPIF core function for obtaining permission to access the service API by including the API invoker identity information and any information required for authentication of the API invoker.
  2. The CAPIF core function validates the authentication of the API invoker (using authentication information) and checks whether the API invoker is permitted to access the requested service API.
  3. NOTE 1:
    The authentication process is specified in subclause 6.5.2.3 of TS 33.122.
  4. Based on the API invoker's subscription information the authorization information to access the service APIs is sent to the API invoker in the obtain service API authorization response.
  5. NOTE 2:
    The mechanism for distribution of the authorization information for the API invoker to the API exposing function is specified in subclause 6.5.2.3 of TS 33.122.
Up
8.12  AEF obtaining service API access control policyWord-p. 54
8.12.1  General
The CAPIF core function is the central repository of all the policies related to service APIs. The AEF executes this procedure when it needs to obtain the policy to perform access control on the service API invocations (e.g. when policy for performing access control on service API is unavailable at the AEF). The AEF can be within PLMN trust domain or within 3rd party trust domain.
8.12.2  Information flows
8.12.2.1  Obtain access control policy request
Table 8.12.2.1-1 describes the information flow obtain access control policy request from the AEF to the CAPIF core function.
Information element
Status
Description

Identity information
M
Identity information of the entity requesting the access control policy
Service API identification
M
The identification information of the service API for which the access control policy is being requested.

8.12.2.2  Obtain access control policy responseWord-p. 55
Table 8.12.2.2-1 describes the information flow obtain access control policy response from the CAPIF core function to the AEF.
Information element
Status
Description

Result
M
Indicates the success or failure of the obtain access control policy operation
Access control policy information
O (see NOTE)
The access control policy information corresponding to the requested service API.

NOTE:
Shall be present if the Result information element indicates that the obtain access control policy operation is successful. Otherwise access control policy information shall not be present.

Up
8.12.3  Procedure
Figure 8.12.3-1 illustrates the procedure for obtaining policy to perform access control on the service API invocations.
Pre-conditions:
  1. The AEF is hosting the service API but the policy to perform access control is not available with AEF.
  2. The CAPIF core function is configured with the access control policies corresponding to one or more service APIs.
  3. Authorization details of the AEF are available with the CAPIF core function.
Up
  1. The AEF sends an obtain access control policy request to the CAPIF core function for obtaining the policy to perform the access control on service API invocations by including the details of the hosted service API.
  2. The CAPIF core function checks whether the AEF is authorized to receive the access control policy corresponding to the service APIs requested.
  3. If authorization check is successful, the AEF is provided the access control policy for the service API via an obtain access control policy response. If authorization check is not successful, the AEF is provided with a failure indication via a obtain access control policy response.
NOTE:
To maintain synchronization between the AEF and the CAPIF core function for the policy cached at AEF, the AEF can subscribe to the policy update event at CAPIF core function according to the procedure in subclause 8.8.3 and receive notifications about any updated policy at CAPIF core function according to the procedure in subclause 8.8.4.
Up

Up   Top   ToC