Tech-invite3GPPspaceIETFspace
21222324252627282931323334353637384‑5x

Content for  TS 23.222  Word version:  19.3.0

Top   Top   Up   Prev   Next
0…   4…   5…   6…   6.3…   6.4…   7…   8…   8.5…   8.8…   8.9…   8.13…   8.17…   8.21…   8.25…   8.26…   8.28…   8.30…   9…   10…   10.4…   10.7…   11…   A   B…   B.2…   B.3…   C…   D…

 

8.9  Revoking subscription of the CAPIF eventsp. 58

8.9.1  Generalp. 58

The CAPIF core function allows to revoke subscription of CAPIF events for the subscribing entity related to the service API changes, such as availability events of service APIs, change in service API information, monitoring service API invocations, API invoker onboarding events, etc. This procedure is initiated by the CAPIF core function.

8.9.2  Information flowsp. 59

This subclause describes the information flows for CAPIF event subscription revocation.

8.9.2.1  Subscription revoke notificationp. 59

Table 8.9.2.1-1 describes the information flow for subscription revoke notification from the CAPIF core function to the subscribing entity.
Information element Status Description
Identity informationMThe information to determine the identity of the subscribing entity
Subscription identifierMThe unique identifier for the event subscription that was provided to the subscribing entity during the CAPIF event subscription operation.
ReasonOIndicate the reason of subscription revocation
Up

8.9.2.2  Subscription revoke notification acknowledgementp. 59

Table 8.9.2.2-1 describes the information flow for subscription revoke notification acknowledgement from the subscribing entity to the CAPIF core function.
Information element Status Description
AcknowledgementMThe acknowledgement for the received notification.
Up

8.9.3  Procedurep. 59

Figure 8.9.3-1 illustrates the procedure for subscription revocation, triggered by the CAPIF core function.
Pre-condition:
  1. The subscribing entity has previously subscribed to CAPIF event(s) to the CAPIF core function.
Reproduction of 3GPP TS 23.222, Fig. 8.9.3-1: Procedure for revoking subscription of the CAPIF events
Up
Step 1.
The CAPIF core function decides to revoke subscription of CAPIF event(s) for the subscribing entity.
Step 2.
The CAPIF core function sends subscription revoke notification to the subscribing entity.
Step 3.
The subscribing entity provides a subscription revoke notification acknowledgement to the CAPIF core function.

8.10  Authentication between the API invoker and the CAPIF core functionp. 60

8.10.1  Generalp. 60

The procedure in this subclause corresponds to the architectural requirements for authentication between the API invoker and the CAPIF core function.

8.10.2  Information flowsp. 60

8.10.3  Procedurep. 60

Figure 8.10.3-1 illustrates the procedure for authentication between the API invoker and the CAPIF core function.
Pre-condition:
  1. The API invoker is onboarded with the CAPIF core function and the API invoker profile is created.
Reproduction of 3GPP TS 23.222, Fig. 8.10.3-1: Procedure for authentication between the API invoker and the CAPIF core function
Up
Step 1.
The API invoker triggers authentication to the CAPIF core function, including the identity confirmed after successful onboarding.
Step 2.
Upon receiving the authentication request, the CAPIF core function verifies the identity with the API invoker profile and authenticates the API invoker.
Step 3.
The CAPIF core function returns the result of the API invoker identity verification in the authentication response.
Up

8.11  API invoker obtaining authorization to access service APIp. 61

8.11.1  Generalp. 61

The API invoker requires to execute this procedure when it needs to obtain or re-obtain (e.g. upon expiry of the authorization information) the authorization to access the service API. Once the API invoker receives the authorization to access the service API, the API invoker can perform one or multiple service API invocations as per the permission limit. This procedure may be performed during the API invoker onboarding process.

8.11.2  Information flowsp. 61

8.11.3  Procedurep. 61

Figure 8.11.3-1 illustrates the procedure for obtaining authorization to access the service API.
Pre-condition:
  1. The API invoker is onboarded and has received an API invoker identity.
Reproduction of 3GPP TS 23.222, Fig. 8.11.3-1: Procedure for the API invoker obtaining authorization for service API access
Up
Step 1.
The API invoker sends an obtain service API authorization request to the CAPIF core function for obtaining permission to access the service API by including the API invoker identity information and any information required for authentication of the API invoker. The request may include desired Network Slice Info of the service API.
Step 2.
The CAPIF core function validates the authentication of the API invoker (using authentication information) and checks whether the API invoker is permitted to access the requested service API. The CAPIF core function may additionally verify the Network Slice Info, e.g., check that the desired Network Slice Info by the API invoker is included in the supported Network Slice Info for the indicated service API.
Step 3.
Based on the API invoker's subscription information the authorization information to access the service APIs is sent to the API invoker in the obtain service API authorization response.
Up

8.12  AEF obtaining service API access control policyp. 62

8.12.1  Generalp. 62

The CAPIF core function is the central repository of all the policies related to service APIs. The AEF executes this procedure when it needs to obtain the policy to perform access control on the service API invocations (e.g. when policy for performing access control on service API is unavailable at the AEF). The AEF can be within PLMN trust domain or within 3rd party trust domain.

8.12.2  Information flowsp. 62

8.12.2.1  Obtain access control policy requestp. 62

Table 8.12.2.1-1 describes the information flow obtain access control policy request from the AEF to the CAPIF core function.
Information element Status Description
Identity informationMIdentity information of the entity requesting the access control policy
Service API identificationMThe identification information of the service API for which the access control policy is being requested.
Up

8.12.2.2  Obtain access control policy responsep. 62

Table 8.12.2.2-1 describes the information flow obtain access control policy response from the CAPIF core function to the AEF.
Information element Status Description
ResultMIndicates the success or failure of the obtain access control policy operation
Access control policy informationO
(see NOTE)
The access control policy information corresponding to the requested service API. (See Table E-1).
NOTE:
Shall be present if the Result information element indicates that the obtain access control policy operation is successful. Otherwise access control policy information shall not be present.
Up

8.12.3  Procedurep. 62

Figure 8.12.3-1 illustrates the procedure for obtaining policy to perform access control on the service API invocations.
Pre-conditions:
  1. The AEF is hosting the service API but the policy to perform access control is not available with AEF.
  2. The CAPIF core function is configured with the access control policies corresponding to one or more service APIs.
  3. Authorization details of the AEF are available with the CAPIF core function.
Reproduction of 3GPP TS 23.222, Fig. 8.12.3-1: Procedure for the AEF obtaining service API access control policy
Up
Step 1.
The AEF sends an obtain access control policy request to the CAPIF core function for obtaining the policy to perform the access control on service API invocations by including the details of the hosted service API.
Step 2.
The CAPIF core function checks whether the AEF is authorized to receive the access control policy corresponding to the service APIs requested.
Step 3.
If authorization check is successful, the AEF is provided the access control policy for the service API via an obtain access control policy response. If authorization check is not successful, the AEF is provided with a failure indication via a obtain access control policy response.
Up

Up   Top   ToC